CVE-2010-4410

EPSS 1.19%
Published 06.12.2010 20:13:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Data is provided by the National Vulnerability Database (NVD)

Andy Armstrong ≫ Cgi.Pm Version <= 3.49

Andy Armstrong ≫ Cgi.Pm Version1.4

Andy Armstrong ≫ Cgi.Pm Version1.42

Andy Armstrong ≫ Cgi.Pm Version1.43

Andy Armstrong ≫ Cgi.Pm Version1.44

Andy Armstrong ≫ Cgi.Pm Version1.45

Andy Armstrong ≫ Cgi.Pm Version1.50

Andy Armstrong ≫ Cgi.Pm Version1.51

Andy Armstrong ≫ Cgi.Pm Version1.52

Andy Armstrong ≫ Cgi.Pm Version1.53

Andy Armstrong ≫ Cgi.Pm Version1.54

Andy Armstrong ≫ Cgi.Pm Version1.55

Andy Armstrong ≫ Cgi.Pm Version1.56

Andy Armstrong ≫ Cgi.Pm Version1.57

Andy Armstrong ≫ Cgi.Pm Version2.0

Andy Armstrong ≫ Cgi.Pm Version2.01

Andy Armstrong ≫ Cgi.Pm Version2.13

Andy Armstrong ≫ Cgi.Pm Version2.14

Andy Armstrong ≫ Cgi.Pm Version2.15

Andy Armstrong ≫ Cgi.Pm Version2.16

Andy Armstrong ≫ Cgi.Pm Version2.17

Andy Armstrong ≫ Cgi.Pm Version2.18

Andy Armstrong ≫ Cgi.Pm Version2.19

Andy Armstrong ≫ Cgi.Pm Version2.20

Andy Armstrong ≫ Cgi.Pm Version2.21

Andy Armstrong ≫ Cgi.Pm Version2.22

Andy Armstrong ≫ Cgi.Pm Version2.23

Andy Armstrong ≫ Cgi.Pm Version2.24

Andy Armstrong ≫ Cgi.Pm Version2.25

Andy Armstrong ≫ Cgi.Pm Version2.26

Andy Armstrong ≫ Cgi.Pm Version2.27

Andy Armstrong ≫ Cgi.Pm Version2.28

Andy Armstrong ≫ Cgi.Pm Version2.29

Andy Armstrong ≫ Cgi.Pm Version2.30

Andy Armstrong ≫ Cgi.Pm Version2.31

Andy Armstrong ≫ Cgi.Pm Version2.32

Andy Armstrong ≫ Cgi.Pm Version2.33

Andy Armstrong ≫ Cgi.Pm Version2.34

Andy Armstrong ≫ Cgi.Pm Version2.35

Andy Armstrong ≫ Cgi.Pm Version2.36

Andy Armstrong ≫ Cgi.Pm Version2.37

Andy Armstrong ≫ Cgi.Pm Version2.38

Andy Armstrong ≫ Cgi.Pm Version2.39

Andy Armstrong ≫ Cgi.Pm Version2.40

Andy Armstrong ≫ Cgi.Pm Version2.41

Andy Armstrong ≫ Cgi.Pm Version2.42

Andy Armstrong ≫ Cgi.Pm Version2.43

Andy Armstrong ≫ Cgi.Pm Version2.44

Andy Armstrong ≫ Cgi.Pm Version2.45

Andy Armstrong ≫ Cgi.Pm Version2.46

Andy Armstrong ≫ Cgi.Pm Version2.47

Andy Armstrong ≫ Cgi.Pm Version2.48

Andy Armstrong ≫ Cgi.Pm Version2.49

Andy Armstrong ≫ Cgi.Pm Version2.50

Andy Armstrong ≫ Cgi.Pm Version2.51

Andy Armstrong ≫ Cgi.Pm Version2.52

Andy Armstrong ≫ Cgi.Pm Version2.53

Andy Armstrong ≫ Cgi.Pm Version2.54

Andy Armstrong ≫ Cgi.Pm Version2.55

Andy Armstrong ≫ Cgi.Pm Version2.56

Andy Armstrong ≫ Cgi.Pm Version2.57

Andy Armstrong ≫ Cgi.Pm Version2.58

Andy Armstrong ≫ Cgi.Pm Version2.59

Andy Armstrong ≫ Cgi.Pm Version2.60

Andy Armstrong ≫ Cgi.Pm Version2.61

Andy Armstrong ≫ Cgi.Pm Version2.62

Andy Armstrong ≫ Cgi.Pm Version2.63

Andy Armstrong ≫ Cgi.Pm Version2.64

Andy Armstrong ≫ Cgi.Pm Version2.65

Andy Armstrong ≫ Cgi.Pm Version2.66

Andy Armstrong ≫ Cgi.Pm Version2.67

Andy Armstrong ≫ Cgi.Pm Version2.68

Andy Armstrong ≫ Cgi.Pm Version2.69

Andy Armstrong ≫ Cgi.Pm Version2.70

Andy Armstrong ≫ Cgi.Pm Version2.71

Andy Armstrong ≫ Cgi.Pm Version2.72

Andy Armstrong ≫ Cgi.Pm Version2.73

Andy Armstrong ≫ Cgi.Pm Version2.74

Andy Armstrong ≫ Cgi.Pm Version2.75

Andy Armstrong ≫ Cgi.Pm Version2.76

Andy Armstrong ≫ Cgi.Pm Version2.77

Andy Armstrong ≫ Cgi.Pm Version2.78

Andy Armstrong ≫ Cgi.Pm Version2.79

Andy Armstrong ≫ Cgi.Pm Version2.80

Andy Armstrong ≫ Cgi.Pm Version2.81

Andy Armstrong ≫ Cgi.Pm Version2.82

Andy Armstrong ≫ Cgi.Pm Version2.83

Andy Armstrong ≫ Cgi.Pm Version2.84

Andy Armstrong ≫ Cgi.Pm Version2.85

Andy Armstrong ≫ Cgi.Pm Version2.86

Andy Armstrong ≫ Cgi.Pm Version2.87

Andy Armstrong ≫ Cgi.Pm Version2.88

Andy Armstrong ≫ Cgi.Pm Version2.89

Andy Armstrong ≫ Cgi.Pm Version2.90

Andy Armstrong ≫ Cgi.Pm Version2.91

Andy Armstrong ≫ Cgi.Pm Version2.92

Andy Armstrong ≫ Cgi.Pm Version2.93

Andy Armstrong ≫ Cgi.Pm Version2.94

Andy Armstrong ≫ Cgi.Pm Version2.95

Andy Armstrong ≫ Cgi.Pm Version2.96

Andy Armstrong ≫ Cgi.Pm Version2.97

Andy Armstrong ≫ Cgi.Pm Version2.98

Andy Armstrong ≫ Cgi.Pm Version2.99

Andy Armstrong ≫ Cgi.Pm Version2.751

Andy Armstrong ≫ Cgi.Pm Version2.752

Andy Armstrong ≫ Cgi.Pm Version3.00

Andy Armstrong ≫ Cgi.Pm Version3.01

Andy Armstrong ≫ Cgi.Pm Version3.02

Andy Armstrong ≫ Cgi.Pm Version3.03

Andy Armstrong ≫ Cgi.Pm Version3.04

Andy Armstrong ≫ Cgi.Pm Version3.05

Andy Armstrong ≫ Cgi.Pm Version3.06

Andy Armstrong ≫ Cgi.Pm Version3.07

Andy Armstrong ≫ Cgi.Pm Version3.08

Andy Armstrong ≫ Cgi.Pm Version3.09

Andy Armstrong ≫ Cgi.Pm Version3.10

Andy Armstrong ≫ Cgi.Pm Version3.11

Andy Armstrong ≫ Cgi.Pm Version3.12

Andy Armstrong ≫ Cgi.Pm Version3.13

Andy Armstrong ≫ Cgi.Pm Version3.14

Andy Armstrong ≫ Cgi.Pm Version3.15

Andy Armstrong ≫ Cgi.Pm Version3.16

Andy Armstrong ≫ Cgi.Pm Version3.17

Andy Armstrong ≫ Cgi.Pm Version3.18

Andy Armstrong ≫ Cgi.Pm Version3.19

Andy Armstrong ≫ Cgi.Pm Version3.20

Andy Armstrong ≫ Cgi.Pm Version3.21

Andy Armstrong ≫ Cgi.Pm Version3.22

Andy Armstrong ≫ Cgi.Pm Version3.23

Andy Armstrong ≫ Cgi.Pm Version3.24

Andy Armstrong ≫ Cgi.Pm Version3.25

Andy Armstrong ≫ Cgi.Pm Version3.26

Andy Armstrong ≫ Cgi.Pm Version3.27

Andy Armstrong ≫ Cgi.Pm Version3.28

Andy Armstrong ≫ Cgi.Pm Version3.29

Andy Armstrong ≫ Cgi.Pm Version3.30

Andy Armstrong ≫ Cgi.Pm Version3.31

Andy Armstrong ≫ Cgi.Pm Version3.32

Andy Armstrong ≫ Cgi.Pm Version3.33

Andy Armstrong ≫ Cgi.Pm Version3.34

Andy Armstrong ≫ Cgi.Pm Version3.35

Andy Armstrong ≫ Cgi.Pm Version3.36

Andy Armstrong ≫ Cgi.Pm Version3.37

Andy Armstrong ≫ Cgi.Pm Version3.38

Andy Armstrong ≫ Cgi.Pm Version3.39

Andy Armstrong ≫ Cgi.Pm Version3.40

Andy Armstrong ≫ Cgi.Pm Version3.41

Andy Armstrong ≫ Cgi.Pm Version3.42

Andy Armstrong ≫ Cgi.Pm Version3.43

Andy Armstrong ≫ Cgi.Pm Version3.44

Andy Armstrong ≫ Cgi.Pm Version3.45

Andy Armstrong ≫ Cgi.Pm Version3.46

Andy Armstrong ≫ Cgi.Pm Version3.47

Andy Armstrong ≫ Cgi.Pm Version3.48

Andy Armstrong ≫ Cgi-simple Version <= 1.112

Andy Armstrong ≫ Cgi-simple Version0.078

Andy Armstrong ≫ Cgi-simple Version0.079

Andy Armstrong ≫ Cgi-simple Version0.080

Andy Armstrong ≫ Cgi-simple Version0.081

Andy Armstrong ≫ Cgi-simple Version0.082

Andy Armstrong ≫ Cgi-simple Version0.83

Andy Armstrong ≫ Cgi-simple Version1.0

Andy Armstrong ≫ Cgi-simple Version1.1

Andy Armstrong ≫ Cgi-simple Version1.1.1

Andy Armstrong ≫ Cgi-simple Version1.1.2

Andy Armstrong ≫ Cgi-simple Version1.103

Andy Armstrong ≫ Cgi-simple Version1.104

Andy Armstrong ≫ Cgi-simple Version1.105

Andy Armstrong ≫ Cgi-simple Version1.106

Andy Armstrong ≫ Cgi-simple Version1.107

Andy Armstrong ≫ Cgi-simple Version1.108

Andy Armstrong ≫ Cgi-simple Version1.109

Andy Armstrong ≫ Cgi-simple Version1.110

Andy Armstrong ≫ Cgi-simple Version1.111

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.19%	0.769

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

http://www.vupen.com/english/advisories/2011/0212

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://www.securityfocus.com/bid/44199

http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2010/12/01/1

Patch