Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4410

Опубликовано: 06 дек. 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:andy_armstrong:cgi.pm:*:*:*:*:*:*:*:*
Версия до 3.49 (включая)
cpe:2.3:a:andy_armstrong:cgi.pm:1.4:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.42:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.43:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.44:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.45:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.50:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.51:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.52:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.53:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.54:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.55:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.56:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.57:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.01:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.13:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.14:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.15:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.16:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.17:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.18:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.19:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.20:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.21:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.22:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.23:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.24:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.25:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.26:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.27:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.28:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.29:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.30:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.31:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.32:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.33:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.34:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.35:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.36:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.37:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.38:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.39:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.40:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.41:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.42:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.43:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.44:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.45:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.46:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.47:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.48:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.49:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.50:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.51:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.52:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.53:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.54:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.55:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.56:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.57:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.58:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.59:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.60:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.61:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.62:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.63:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.64:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.65:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.66:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.67:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.68:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.69:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.70:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.71:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.72:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.73:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.74:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.75:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.76:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.77:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.78:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.79:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.80:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.81:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.82:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.83:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.84:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.85:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.86:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.87:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.88:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.89:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.90:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.91:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.92:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.93:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.94:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.95:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.96:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.97:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.98:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.99:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.751:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.752:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.00:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.01:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.02:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.03:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.04:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.05:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.06:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.07:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.08:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.09:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.10:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.11:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.12:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.13:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.14:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.15:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.16:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.17:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.18:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.19:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.20:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.21:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.22:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.23:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.24:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.25:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.26:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.27:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.28:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.29:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.30:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.31:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.32:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.33:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.34:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.35:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.36:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.37:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.38:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.39:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.40:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.41:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.42:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.43:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.44:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.45:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.46:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.47:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.48:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:andy_armstrong:cgi-simple:*:*:*:*:*:*:*:*
Версия до 1.112 (включая)
cpe:2.3:a:andy_armstrong:cgi-simple:0.078:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.079:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.080:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.081:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.082:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.83:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.0:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.103:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.104:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.105:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.106:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.107:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.108:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.109:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.110:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.111:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01193
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

ubuntu логотип

CVE-2010-4410

ubuntu
больше 14 лет назад

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

redhat логотип

CVE-2010-4410

redhat
больше 14 лет назад

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

debian логотип

CVE-2010-4410

debian
больше 14 лет назад

CRLF injection vulnerability in the header function in (1) CGI.pm befo ...

github логотип

GHSA-63qf-cwcv-ff3r

github
около 3 лет назад

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

oracle-oval логотип

ELSA-2011-1797

oracle-oval
больше 13 лет назад

ELSA-2011-1797: perl security update (MODERATE)

EPSS

Процентиль: 78%
0.01193
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-94
Уязвимость CVE-2010-4410