5 results

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Nov 2012 — CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. • http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes • CWE-16: Configuration

CVSS: 10.0 | EPSS: 0% | CPEs: 174 | EXPL: 0

06 Dec 2010 — CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. • http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.1 | EPSS: 0% | CPEs: 155 | EXPL: 0

06 Dec 2010 — Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

CVSS: 10.0 | EPSS: 0% | CPEs: 174 | EXPL: 0

06 Dec 2010 — The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. • http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 | EPSS: 2% | CPEs: 23 | EXPL: 0

01 Aug 2003 — Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713