CVSS: 10.0EPSS: 2%CPEs: 174EXPL: 0CVE-2010-2761 – perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
https://notcve.org/view.php?id=CVE-2010-2761
06 Dec 2010 — The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. La función multipart_init de (1) CGI.pm en versiones anteriores a la 3.50 y (2) Simple.pm de CGI::Simple 1.112 y versione... • http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 174EXPL: 0CVE-2010-4410 – perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
https://notcve.org/view.php?id=CVE-2010-4410
06 Dec 2010 — CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de línea)) en la función header de (1) CGI.pm en version... • http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes • CWE-94: Improper Control of Generation of Code ('Code Injection') •