Описание
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.50-1 |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | not-affected | 3.50-1 |
| oneiric | not-affected | 3.50-1 |
| precise | not-affected | 3.50-1 |
| quantal | not-affected | 3.50-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 1.111-2 |
| hardy | ignored | end of life |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | not-affected | 1.111-2 |
| oneiric | not-affected | 1.111-2 |
| precise | not-affected | 1.111-2 |
| quantal | not-affected | 1.111-2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.8.7-10ubuntu1.3 |
| devel | not-affected | 5.10.1-17ubuntu1 |
| hardy | released | 5.8.8-12ubuntu0.5 |
| karmic | ignored | end of life |
| lucid | released | 5.10.1-8ubuntu2.1 |
| maverick | released | 5.10.1-12ubuntu2.1 |
| natty | not-affected | 5.10.1-17ubuntu1 |
| oneiric | not-affected | 5.10.1-17ubuntu1 |
| precise | not-affected | 5.10.1-17ubuntu1 |
| quantal | not-affected | 5.10.1-17ubuntu1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.p ...
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
EPSS
4.3 Medium
CVSS2