CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3CVE-2011-2766
https://notcve.org/view.php?id=CVE-2011-2766
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. El módulo FCGI (también conocido como Fast CGI) v0.70 hasta v0.73 para Perl, como se usa en CGI::Fast, usa valores de variables de entorno para una peticnión durante el procesado de una petición posterior, lo que permite a atacantes remotos eludir la autenticación a través de cabeceras HTTP modificadas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479 http://www.debian.org/security/2011/dsa-2327 http://www.mandriva.com/security/advisories?name=MDVSA-2012:001 http://www.openwall.com/lists/oss-security/2011/09/08/1 http://www.openwall.com/lists/oss-security/2011/09/08/2 http://www.securityfocus.com/bid/49549 https://bugzilla.redhat.com/show_bug.cgi?id=736604 https://exchange.xforce.ibmcloud.com/vulnerabilities/69709 https://hermes.opensuse.org/messages/13154637 • CWE-287: Improper Authentication •