5
CVE-2012-5526
- EPSS 3.26%
- Veröffentlicht 21.11.2012 23:55:02
- Zuletzt bearbeitet 16.06.2026 23:46:56
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Andy Armstrong ≫ Cgi.Pm Version <= 3.62
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.26% | 0.868 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://secunia.com/advisories/55314
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://secunia.com/advisories/51457
http://www.ubuntu.com/usn/USN-1643-1
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://www.debian.org/security/2012/dsa-2586
http://www.openwall.com/lists/oss-security/2012/11/15/6
http://www.securityfocus.com/bid/56562
http://www.securitytracker.com/id?1027780
https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
https://github.com/markstos/CGI.pm/pull/23