5

CVE-2012-5526

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Andy ArmstrongCgi.Pm Version <= 3.62
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.26% 0.868
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://secunia.com/advisories/55314
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://secunia.com/advisories/51457
http://www.ubuntu.com/usn/USN-1643-1
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://www.debian.org/security/2012/dsa-2586
http://www.openwall.com/lists/oss-security/2012/11/15/6
http://www.securityfocus.com/bid/56562
http://www.securitytracker.com/id?1027780
https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
https://github.com/markstos/CGI.pm/pull/23