Описание
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.3114+dfsg-1 |
| esm-apps/xenial | not-affected | 1.3114+dfsg-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.3114+dfsg-1]] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.p ...
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.
EPSS
5 Medium
CVSS2