CVE Vulnerabilities

CVE-2012-5526

Published: Nov 21, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
2.6 MODERATE
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Affected Software

Name Vendor Start Version End Version
Cgi.pm Andy_armstrong * 3.62
Red Hat Enterprise Linux 5 RedHat perl-4:5.8.8-40.el5_9 *
Red Hat Enterprise Linux 6 RedHat perl-4:5.10.1-130.el6_4 *
Libcgi-pm-perl Ubuntu lucid *
Libcgi-pm-perl Ubuntu oneiric *
Libcgi-pm-perl Ubuntu precise *
Libcgi-pm-perl Ubuntu quantal *
Libcgi-pm-perl Ubuntu raring *
Libcgi-pm-perl Ubuntu upstream *
Perl Ubuntu hardy *
Perl Ubuntu lucid *
Perl Ubuntu oneiric *
Perl Ubuntu precise *
Perl Ubuntu precise/esm *
Perl Ubuntu quantal *
Perl Ubuntu upstream *

References