ID CVE-2010-2761
Summary The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
References
Vulnerable Configurations
  • Andy Armstrong CGI.pm 3.49
    cpe:2.3:a:andy_armstrong:cgi.pm:3.49
  • Andy Armstrong CGI.pm 3.48
    cpe:2.3:a:andy_armstrong:cgi.pm:3.48
  • Andy Armstrong CGI.pm 3.47
    cpe:2.3:a:andy_armstrong:cgi.pm:3.47
  • Andy Armstrong CGI.pm 3.46
    cpe:2.3:a:andy_armstrong:cgi.pm:3.46
  • Andy Armstrong CGI.pm 3.45
    cpe:2.3:a:andy_armstrong:cgi.pm:3.45
  • Andy Armstrong CGI.pm 3.44
    cpe:2.3:a:andy_armstrong:cgi.pm:3.44
  • Andy Armstrong CGI.pm 3.43
    cpe:2.3:a:andy_armstrong:cgi.pm:3.43
  • Andy Armstrong CGI.pm 3.42
    cpe:2.3:a:andy_armstrong:cgi.pm:3.42
  • Andy Armstrong CGI.pm 3.41
    cpe:2.3:a:andy_armstrong:cgi.pm:3.41
  • Andy Armstrong CGI.pm 3.40
    cpe:2.3:a:andy_armstrong:cgi.pm:3.40
  • Andy Armstrong CGI.pm 3.39
    cpe:2.3:a:andy_armstrong:cgi.pm:3.39
  • Andy Armstrong CGI.pm 3.38
    cpe:2.3:a:andy_armstrong:cgi.pm:3.38
  • Andy Armstrong CGI.pm 3.37
    cpe:2.3:a:andy_armstrong:cgi.pm:3.37
  • Andy Armstrong CGI.pm 3.36
    cpe:2.3:a:andy_armstrong:cgi.pm:3.36
  • Andy Armstrong CGI.pm 3.35
    cpe:2.3:a:andy_armstrong:cgi.pm:3.35
  • Andy Armstrong CGI.pm 3.34
    cpe:2.3:a:andy_armstrong:cgi.pm:3.34
  • Andy Armstrong CGI.pm 3.33
    cpe:2.3:a:andy_armstrong:cgi.pm:3.33
  • Andy Armstrong CGI.pm 3.32
    cpe:2.3:a:andy_armstrong:cgi.pm:3.32
  • Andy Armstrong CGI.pm 3.31
    cpe:2.3:a:andy_armstrong:cgi.pm:3.31
  • Andy Armstrong CGI.pm 3.30
    cpe:2.3:a:andy_armstrong:cgi.pm:3.30
  • Andy Armstrong CGI.pm 3.29
    cpe:2.3:a:andy_armstrong:cgi.pm:3.29
  • Andy Armstrong CGI.pm 3.28
    cpe:2.3:a:andy_armstrong:cgi.pm:3.28
  • Andy Armstrong CGI.pm 3.27
    cpe:2.3:a:andy_armstrong:cgi.pm:3.27
  • Andy Armstrong CGI.pm 3.26
    cpe:2.3:a:andy_armstrong:cgi.pm:3.26
  • Andy Armstrong CGI.pm 3.25
    cpe:2.3:a:andy_armstrong:cgi.pm:3.25
  • Andy Armstrong CGI.pm 3.24
    cpe:2.3:a:andy_armstrong:cgi.pm:3.24
  • Andy Armstrong CGI.pm 3.23
    cpe:2.3:a:andy_armstrong:cgi.pm:3.23
  • Andy Armstrong CGI.pm 3.22
    cpe:2.3:a:andy_armstrong:cgi.pm:3.22
  • Andy Armstrong CGI.pm 3.21
    cpe:2.3:a:andy_armstrong:cgi.pm:3.21
  • Andy Armstrong CGI.pm 3.20
    cpe:2.3:a:andy_armstrong:cgi.pm:3.20
  • Andy Armstrong CGI.pm 3.19
    cpe:2.3:a:andy_armstrong:cgi.pm:3.19
  • Andy Armstrong CGI.pm 3.18
    cpe:2.3:a:andy_armstrong:cgi.pm:3.18
  • Andy Armstrong CGI.pm 3.17
    cpe:2.3:a:andy_armstrong:cgi.pm:3.17
  • Andy Armstrong CGI.pm 3.16
    cpe:2.3:a:andy_armstrong:cgi.pm:3.16
  • Andy Armstrong CGI.pm 3.15
    cpe:2.3:a:andy_armstrong:cgi.pm:3.15
  • Andy Armstrong CGI.pm 3.14
    cpe:2.3:a:andy_armstrong:cgi.pm:3.14
  • Andy Armstrong CGI.pm 3.13
    cpe:2.3:a:andy_armstrong:cgi.pm:3.13
  • Andy Armstrong CGI.pm 3.12
    cpe:2.3:a:andy_armstrong:cgi.pm:3.12
  • Andy Armstrong CGI.pm 3.11
    cpe:2.3:a:andy_armstrong:cgi.pm:3.11
  • Andy Armstrong CGI.pm 3.10
    cpe:2.3:a:andy_armstrong:cgi.pm:3.10
  • Andy Armstrong CGI.pm 3.09
    cpe:2.3:a:andy_armstrong:cgi.pm:3.09
  • Andy Armstrong CGI.pm 3.08
    cpe:2.3:a:andy_armstrong:cgi.pm:3.08
  • Andy Armstrong CGI.pm 3.07
    cpe:2.3:a:andy_armstrong:cgi.pm:3.07
  • Andy Armstrong CGI.pm 3.06
    cpe:2.3:a:andy_armstrong:cgi.pm:3.06
  • Andy Armstrong CGI.pm 3.05
    cpe:2.3:a:andy_armstrong:cgi.pm:3.05
  • Andy Armstrong CGI.pm 3.04
    cpe:2.3:a:andy_armstrong:cgi.pm:3.04
  • Andy Armstrong CGI.pm 3.03
    cpe:2.3:a:andy_armstrong:cgi.pm:3.03
  • Andy Armstrong CGI.pm 3.02
    cpe:2.3:a:andy_armstrong:cgi.pm:3.02
  • Andy Armstrong CGI.pm 3.01
    cpe:2.3:a:andy_armstrong:cgi.pm:3.01
  • Andy Armstrong CGI.pm 3.00
    cpe:2.3:a:andy_armstrong:cgi.pm:3.00
  • Andy Armstrong CGI.pm 2.99
    cpe:2.3:a:andy_armstrong:cgi.pm:2.99
  • Andy Armstrong CGI.pm 2.98
    cpe:2.3:a:andy_armstrong:cgi.pm:2.98
  • Andy Armstrong CGI.pm 2.97
    cpe:2.3:a:andy_armstrong:cgi.pm:2.97
  • Andy Armstrong CGI.pm 2.96
    cpe:2.3:a:andy_armstrong:cgi.pm:2.96
  • Andy Armstrong CGI.pm 2.95
    cpe:2.3:a:andy_armstrong:cgi.pm:2.95
  • Andy Armstrong CGI.pm 2.94
    cpe:2.3:a:andy_armstrong:cgi.pm:2.94
  • Andy Armstrong CGI.pm 2.93
    cpe:2.3:a:andy_armstrong:cgi.pm:2.93
  • Andy Armstrong CGI.pm 2.92
    cpe:2.3:a:andy_armstrong:cgi.pm:2.92
  • Andy Armstrong CGI.pm 2.91
    cpe:2.3:a:andy_armstrong:cgi.pm:2.91
  • Andy Armstrong CGI.pm 2.90
    cpe:2.3:a:andy_armstrong:cgi.pm:2.90
  • Andy Armstrong CGI.pm 2.89
    cpe:2.3:a:andy_armstrong:cgi.pm:2.89
  • Andy Armstrong CGI.pm 2.88
    cpe:2.3:a:andy_armstrong:cgi.pm:2.88
  • Andy Armstrong CGI.pm 2.87
    cpe:2.3:a:andy_armstrong:cgi.pm:2.87
  • Andy Armstrong CGI.pm 2.86
    cpe:2.3:a:andy_armstrong:cgi.pm:2.86
  • Andy Armstrong CGI.pm 2.85
    cpe:2.3:a:andy_armstrong:cgi.pm:2.85
  • Andy Armstrong CGI.pm 2.84
    cpe:2.3:a:andy_armstrong:cgi.pm:2.84
  • Andy Armstrong CGI.pm 2.83
    cpe:2.3:a:andy_armstrong:cgi.pm:2.83
  • Andy Armstrong CGI.pm 2.82
    cpe:2.3:a:andy_armstrong:cgi.pm:2.82
  • Andy Armstrong CGI.pm 2.81
    cpe:2.3:a:andy_armstrong:cgi.pm:2.81
  • Andy Armstrong CGI.pm 2.80
    cpe:2.3:a:andy_armstrong:cgi.pm:2.80
  • Andy Armstrong CGI.pm 2.79
    cpe:2.3:a:andy_armstrong:cgi.pm:2.79
  • Andy Armstrong CGI.pm 2.78
    cpe:2.3:a:andy_armstrong:cgi.pm:2.78
  • Andy Armstrong CGI.pm 2.77
    cpe:2.3:a:andy_armstrong:cgi.pm:2.77
  • Andy Armstrong CGI.pm 2.76
    cpe:2.3:a:andy_armstrong:cgi.pm:2.76
  • Andy Armstrong CGI.pm 2.752
    cpe:2.3:a:andy_armstrong:cgi.pm:2.752
  • Andy Armstrong CGI.pm 2.751
    cpe:2.3:a:andy_armstrong:cgi.pm:2.751
  • Andy Armstrong CGI.pm 2.75
    cpe:2.3:a:andy_armstrong:cgi.pm:2.75
  • Andy Armstrong CGI.pm 2.74
    cpe:2.3:a:andy_armstrong:cgi.pm:2.74
  • Andy Armstrong CGI.pm 2.73
    cpe:2.3:a:andy_armstrong:cgi.pm:2.73
  • Andy Armstrong CGI.pm 2.72
    cpe:2.3:a:andy_armstrong:cgi.pm:2.72
  • Andy Armstrong CGI.pm 2.71
    cpe:2.3:a:andy_armstrong:cgi.pm:2.71
  • Andy Armstrong CGI.pm 2.70
    cpe:2.3:a:andy_armstrong:cgi.pm:2.70
  • Andy Armstrong CGI.pm 2.69
    cpe:2.3:a:andy_armstrong:cgi.pm:2.69
  • Andy Armstrong CGI.pm 2.68
    cpe:2.3:a:andy_armstrong:cgi.pm:2.68
  • Andy Armstrong CGI.pm 2.67
    cpe:2.3:a:andy_armstrong:cgi.pm:2.67
  • Andy Armstrong CGI.pm 2.66
    cpe:2.3:a:andy_armstrong:cgi.pm:2.66
  • Andy Armstrong CGI.pm 2.65
    cpe:2.3:a:andy_armstrong:cgi.pm:2.65
  • Andy Armstrong CGI.pm 2.64
    cpe:2.3:a:andy_armstrong:cgi.pm:2.64
  • Andy Armstrong CGI.pm 2.63
    cpe:2.3:a:andy_armstrong:cgi.pm:2.63
  • Andy Armstrong CGI.pm 2.62
    cpe:2.3:a:andy_armstrong:cgi.pm:2.62
  • Andy Armstrong CGI.pm 2.61
    cpe:2.3:a:andy_armstrong:cgi.pm:2.61
  • Andy Armstrong CGI.pm 2.60
    cpe:2.3:a:andy_armstrong:cgi.pm:2.60
  • Andy Armstrong CGI.pm 2.59
    cpe:2.3:a:andy_armstrong:cgi.pm:2.59
  • Andy Armstrong CGI.pm 2.58
    cpe:2.3:a:andy_armstrong:cgi.pm:2.58
  • Andy Armstrong CGI.pm 2.57
    cpe:2.3:a:andy_armstrong:cgi.pm:2.57
  • Andy Armstrong CGI.pm 2.56
    cpe:2.3:a:andy_armstrong:cgi.pm:2.56
  • Andy Armstrong CGI.pm 2.55
    cpe:2.3:a:andy_armstrong:cgi.pm:2.55
  • Andy Armstrong CGI.pm 2.54
    cpe:2.3:a:andy_armstrong:cgi.pm:2.54
  • Andy Armstrong CGI.pm 2.53
    cpe:2.3:a:andy_armstrong:cgi.pm:2.53
  • Andy Armstrong CGI.pm 2.52
    cpe:2.3:a:andy_armstrong:cgi.pm:2.52
  • Andy Armstrong CGI.pm 2.51
    cpe:2.3:a:andy_armstrong:cgi.pm:2.51
  • Andy Armstrong CGI.pm 2.50
    cpe:2.3:a:andy_armstrong:cgi.pm:2.50
  • Andy Armstrong CGI.pm 2.49
    cpe:2.3:a:andy_armstrong:cgi.pm:2.49
  • Andy Armstrong CGI.pm 2.48
    cpe:2.3:a:andy_armstrong:cgi.pm:2.48
  • Andy Armstrong CGI.pm 2.47
    cpe:2.3:a:andy_armstrong:cgi.pm:2.47
  • Andy Armstrong CGI.pm 2.46
    cpe:2.3:a:andy_armstrong:cgi.pm:2.46
  • Andy Armstrong CGI.pm 2.45
    cpe:2.3:a:andy_armstrong:cgi.pm:2.45
  • Andy Armstrong CGI.pm 2.44
    cpe:2.3:a:andy_armstrong:cgi.pm:2.44
  • Andy Armstrong CGI.pm 2.43
    cpe:2.3:a:andy_armstrong:cgi.pm:2.43
  • Andy Armstrong CGI.pm 2.42
    cpe:2.3:a:andy_armstrong:cgi.pm:2.42
  • Andy Armstrong CGI.pm 2.41
    cpe:2.3:a:andy_armstrong:cgi.pm:2.41
  • Andy Armstrong CGI.pm 2.40
    cpe:2.3:a:andy_armstrong:cgi.pm:2.40
  • Andy Armstrong CGI.pm 2.39
    cpe:2.3:a:andy_armstrong:cgi.pm:2.39
  • Andy Armstrong CGI.pm 2.38
    cpe:2.3:a:andy_armstrong:cgi.pm:2.38
  • Andy Armstrong CGI.pm 2.37
    cpe:2.3:a:andy_armstrong:cgi.pm:2.37
  • Andy Armstrong CGI.pm 2.36
    cpe:2.3:a:andy_armstrong:cgi.pm:2.36
  • Andy Armstrong CGI.pm 2.35
    cpe:2.3:a:andy_armstrong:cgi.pm:2.35
  • Andy Armstrong CGI.pm 2.34
    cpe:2.3:a:andy_armstrong:cgi.pm:2.34
  • Andy Armstrong CGI.pm 2.33
    cpe:2.3:a:andy_armstrong:cgi.pm:2.33
  • Andy Armstrong CGI.pm 2.32
    cpe:2.3:a:andy_armstrong:cgi.pm:2.32
  • Andy Armstrong CGI.pm 2.31
    cpe:2.3:a:andy_armstrong:cgi.pm:2.31
  • Andy Armstrong CGI.pm 2.30
    cpe:2.3:a:andy_armstrong:cgi.pm:2.30
  • Andy Armstrong CGI.pm 2.29
    cpe:2.3:a:andy_armstrong:cgi.pm:2.29
  • Andy Armstrong CGI.pm 2.28
    cpe:2.3:a:andy_armstrong:cgi.pm:2.28
  • Andy Armstrong CGI.pm 2.27
    cpe:2.3:a:andy_armstrong:cgi.pm:2.27
  • Andy Armstrong CGI.pm 2.26
    cpe:2.3:a:andy_armstrong:cgi.pm:2.26
  • Andy Armstrong CGI.pm 2.25
    cpe:2.3:a:andy_armstrong:cgi.pm:2.25
  • Andy Armstrong CGI.pm 2.24
    cpe:2.3:a:andy_armstrong:cgi.pm:2.24
  • Andy Armstrong CGI.pm 2.23
    cpe:2.3:a:andy_armstrong:cgi.pm:2.23
  • Andy Armstrong CGI.pm 2.22
    cpe:2.3:a:andy_armstrong:cgi.pm:2.22
  • Andy Armstrong CGI.pm 2.21
    cpe:2.3:a:andy_armstrong:cgi.pm:2.21
  • Andy Armstrong CGI.pm 2.20
    cpe:2.3:a:andy_armstrong:cgi.pm:2.20
  • Andy Armstrong CGI.pm 2.19
    cpe:2.3:a:andy_armstrong:cgi.pm:2.19
  • Andy Armstrong CGI.pm 2.18
    cpe:2.3:a:andy_armstrong:cgi.pm:2.18
  • Andy Armstrong CGI.pm 2.17
    cpe:2.3:a:andy_armstrong:cgi.pm:2.17
  • Andy Armstrong CGI.pm 2.16
    cpe:2.3:a:andy_armstrong:cgi.pm:2.16
  • Andy Armstrong CGI.pm 2.15
    cpe:2.3:a:andy_armstrong:cgi.pm:2.15
  • Andy Armstrong CGI.pm 2.14
    cpe:2.3:a:andy_armstrong:cgi.pm:2.14
  • Andy Armstrong CGI.pm 2.13
    cpe:2.3:a:andy_armstrong:cgi.pm:2.13
  • Andy Armstrong CGI.pm 2.01
    cpe:2.3:a:andy_armstrong:cgi.pm:2.01
  • Andy Armstrong CGI.pm 2.0
    cpe:2.3:a:andy_armstrong:cgi.pm:2.0
  • Andy Armstrong CGI.pm 1.57
    cpe:2.3:a:andy_armstrong:cgi.pm:1.57
  • Andy Armstrong CGI.pm 1.56
    cpe:2.3:a:andy_armstrong:cgi.pm:1.56
  • Andy Armstrong CGI.pm 1.55
    cpe:2.3:a:andy_armstrong:cgi.pm:1.55
  • Andy Armstrong CGI.pm 1.54
    cpe:2.3:a:andy_armstrong:cgi.pm:1.54
  • Andy Armstrong CGI.pm 1.53
    cpe:2.3:a:andy_armstrong:cgi.pm:1.53
  • Andy Armstrong CGI.pm 1.52
    cpe:2.3:a:andy_armstrong:cgi.pm:1.52
  • Andy Armstrong CGI.pm 1.51
    cpe:2.3:a:andy_armstrong:cgi.pm:1.51
  • Andy Armstrong CGI.pm 1.50
    cpe:2.3:a:andy_armstrong:cgi.pm:1.50
  • Andy Armstrong CGI.pm 1.45
    cpe:2.3:a:andy_armstrong:cgi.pm:1.45
  • Andy Armstrong CGI.pm 1.44
    cpe:2.3:a:andy_armstrong:cgi.pm:1.44
  • Andy Armstrong CGI.pm 1.43
    cpe:2.3:a:andy_armstrong:cgi.pm:1.43
  • Andy Armstrong CGI.pm 1.42
    cpe:2.3:a:andy_armstrong:cgi.pm:1.42
  • Andy Armstrong CGI.pm 1.4
    cpe:2.3:a:andy_armstrong:cgi.pm:1.4
  • Andy Armstrong CGI::Simple 0.079
    cpe:2.3:a:andy_armstrong:cgi-simple:0.079
  • Andy Armstrong CGI::Simple 0.078
    cpe:2.3:a:andy_armstrong:cgi-simple:0.078
  • Andy Armstrong CGI::Simple 0.080
    cpe:2.3:a:andy_armstrong:cgi-simple:0.080
  • Andy Armstrong CGI::Simple 0.081
    cpe:2.3:a:andy_armstrong:cgi-simple:0.081
  • Andy Armstrong CGI::Simple 0.082
    cpe:2.3:a:andy_armstrong:cgi-simple:0.082
  • Andy Armstrong CGI::Simple 0.83
    cpe:2.3:a:andy_armstrong:cgi-simple:0.83
  • Andy Armstrong CGI::Simple 1.0
    cpe:2.3:a:andy_armstrong:cgi-simple:1.0
  • Andy Armstrong CGI::Simple 1.1
    cpe:2.3:a:andy_armstrong:cgi-simple:1.1
  • Andy Armstrong CGI::Simple 1.1.1
    cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1
  • Andy Armstrong CGI::Simple 1.1.2
    cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2
  • Andy Armstrong CGI::Simple 1.103
    cpe:2.3:a:andy_armstrong:cgi-simple:1.103
  • Andy Armstrong CGI::Simple 1.104
    cpe:2.3:a:andy_armstrong:cgi-simple:1.104
  • Andy Armstrong CGI::Simple 1.105
    cpe:2.3:a:andy_armstrong:cgi-simple:1.105
  • Andy Armstrong CGI::Simple 1.106
    cpe:2.3:a:andy_armstrong:cgi-simple:1.106
  • Andy Armstrong CGI::Simple 1.107
    cpe:2.3:a:andy_armstrong:cgi-simple:1.107
  • Andy Armstrong CGI::Simple 1.108
    cpe:2.3:a:andy_armstrong:cgi-simple:1.108
  • Andy Armstrong CGI::Simple 1.109
    cpe:2.3:a:andy_armstrong:cgi-simple:1.109
  • Andy Armstrong CGI::Simple 1.110
    cpe:2.3:a:andy_armstrong:cgi-simple:1.110
  • Andy Armstrong CGI::Simple 1.110
    cpe:2.3:a:andy_armstrong:cgi-simple:1.111
  • Andy Armstrong CGI::Simple 1.112
    cpe:2.3:a:andy_armstrong:cgi-simple:1.112
CVSS
Base: 4.3 (as of 07-12-2010 - 09:56)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_PERL-CGI-SIMPLE-110107.NASL
    description A HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 53790
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53790
    title openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_PERL-CGI-SIMPLE-110107.NASL
    description A HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75708
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75708
    title openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1129-1.NASL
    description It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-2761, CVE-2010-4411) It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-4410) It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55090
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55090
    title Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-03 (Bugzilla: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. A local attacker could disclose the contents of temporarfy files for uploaded attachments. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56445
    published 2011-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56445
    title GLSA-201110-03 : Bugzilla: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1797.NASL
    description From Red Hat Security Advisory 2011:1797 : Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597) It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68402
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68402
    title Oracle Linux 4 / 5 : perl (ELSA-2011-1797)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_PERL-110112.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75705
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75705
    title openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141552-04.NASL
    description SunOS 5.10: Apache 2 mod_perl Perl cgi pat. Date this patch was last updated by Sun : Apr/20/11
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107527
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107527
    title Solaris 10 (sparc) : 141552-04
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0558.NASL
    description Updated perl packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. The Perl CGI module provides resources for preparing and processing Common Gateway Interface (CGI) based HTTP requests and responses. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) It was found that certain Perl string manipulation functions (such as uc() and lc()) failed to preserve the taint bit. A remote attacker could use this flaw to bypass the Perl taint mode protection mechanism in scripts that use the affected functions to process tainted input. (CVE-2011-1487) These packages upgrade the CGI module to version 3.51. Refer to the CGI module's Changes file, linked to in the References, for a full list of changes. This update also fixes the following bugs: * When using the "threads" module, an attempt to send a signal to a thread that did not have a signal handler specified caused the perl interpreter to terminate unexpectedly with a segmentation fault. With this update, the "threads" module has been updated to upstream version 1.82, which fixes this bug. As a result, sending a signal to a thread that does not have the signal handler specified no longer causes perl to crash. (BZ#626330) * Prior to this update, the perl packages did not require the Digest::SHA module as a dependency. Consequent to this, when a user started the cpan command line interface and attempted to download a distribution from CPAN, they may have been presented with the following message: CPAN: checksum security checks disabled because Digest::SHA not installed. Please consider installing the Digest::SHA module. This update corrects the spec file for the perl package to require the perl-Digest-SHA package as a dependency, and cpan no longer displays the above message. (BZ#640716) * When using the "threads" module, continual creation and destruction of threads could cause the Perl program to consume an increasing amount of memory. With this update, the underlying source code has been corrected to free the allocated memory when a thread is destroyed, and the continual creation and destruction of threads in Perl programs no longer leads to memory leaks. (BZ#640720) * Due to a packaging error, the perl packages did not include the "NDBM_File" module. This update corrects this error, and "NDBM_File" is now included as expected. (BZ#640729) * Prior to this update, the prove(1) manual page and the "prove --help" command listed "--fork" as a valid command line option. However, version 3.17 of the Test::Harness distribution removed the support for the fork-based parallel testing, and the prove utility thus no longer supports this option. This update corrects both the manual page and the output of the "prove --help" command, so that "--fork" is no longer included in the list of available command line options. (BZ#609492) Users of Perl, especially those of Perl threads, are advised to upgrade to these updated packages, which correct these issues.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 54593
    published 2011-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54593
    title RHSA-2011-0558: perl
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141553-04.NASL
    description SunOS 5.10_x86: Apache 2 mod_perl Perl cgi. Date this patch was last updated by Sun : Apr/20/11
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 108026
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108026
    title Solaris 10 (x86) : 141553-04
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C8C927E5289111E08F2600151735203A.NASL
    description A Bugzilla Security Advisory reports : This advisory covers three security issues that have recently been fixed in the Bugzilla code : - A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. - A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla. - If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's 'URL' field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable. - Various pages lack protection against cross-site request forgeries. All affected installations are encouraged to upgrade as soon as possible.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51670
    published 2011-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51670
    title FreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1797.NASL
    description Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597) It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57053
    published 2011-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57053
    title RHEL 4 / 5 : perl (RHSA-2011:1797)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0653.NASL
    description Update to 1.113 and apply additional patch to resolve CVE-2010-4410. Fix boundary to use randomized value as opposed to hard-coded value. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51823
    published 2011-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51823
    title Fedora 14 : perl-CGI-Simple-1.113-1.fc14 (2011-0653)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_PERL-110112.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53789
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53789
    title openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0631.NASL
    description Update to 1.113 and apply additional patch to resolve CVE-2010-4410. Fix boundary to use randomized value as opposed to hard-coded value. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51822
    published 2011-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51822
    title Fedora 13 : perl-CGI-Simple-1.113-1.fc13 (2011-0631)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-237.NASL
    description A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla (these two security bugs where first discovered as affecting Bugzilla, then identified as being bugs in CGI.pm itself). The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hard-coded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172 (CVE-2010-2761). CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been upgraded to perl-CGI 3.50 to solve these security issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 50609
    published 2010-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50609
    title Mandriva Linux Security Advisory : perl-CGI (MDVSA-2010:237)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0755.NASL
    description Some serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 51856
    published 2011-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51856
    title Fedora 13 : bugzilla-3.4.10-1.fc13 (2011-0755)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PERL-7316.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. - have been assigned to this issue. (CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411)
    last seen 2019-02-21
    modified 2012-10-03
    plugin id 51641
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51641
    title SuSE 10 Security Update : Perl (ZYPP Patch Number 7316)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PERL-110112.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411 have been assigned to this issue.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51630
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51630
    title SuSE 11.1 Security Update : perl (SAT Patch Number 3804)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1797.NASL
    description Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597) It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57068
    published 2011-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57068
    title CentOS 4 / 5 : perl (CESA-2011:1797)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0741.NASL
    description Some serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 51855
    published 2011-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51855
    title Fedora 14 : bugzilla-3.6.4-1.fc14 (2011-0741)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
redhat via4
advisories
rhsa
id RHSA-2011:1797
rpms
  • perl-4:5.10.1-119.el6
  • perl-Archive-Extract-1:0.38-119.el6
  • perl-Archive-Tar-0:1.58-119.el6
  • perl-CGI-0:3.51-119.el6
  • perl-CPAN-0:1.9402-119.el6
  • perl-CPANPLUS-0:0.88-119.el6
  • perl-Compress-Raw-Zlib-0:2.023-119.el6
  • perl-Compress-Zlib-0:2.020-119.el6
  • perl-Digest-SHA-1:5.47-119.el6
  • perl-ExtUtils-CBuilder-1:0.27-119.el6
  • perl-ExtUtils-Embed-0:1.28-119.el6
  • perl-ExtUtils-MakeMaker-0:6.55-119.el6
  • perl-ExtUtils-ParseXS-1:2.2003.0-119.el6
  • perl-File-Fetch-0:0.26-119.el6
  • perl-IO-Compress-Base-0:2.020-119.el6
  • perl-IO-Compress-Zlib-0:2.020-119.el6
  • perl-IO-Zlib-1:1.09-119.el6
  • perl-IPC-Cmd-1:0.56-119.el6
  • perl-Locale-Maketext-Simple-1:0.18-119.el6
  • perl-Log-Message-1:0.02-119.el6
  • perl-Log-Message-Simple-0:0.04-119.el6
  • perl-Module-Build-1:0.3500-119.el6
  • perl-Module-CoreList-0:2.18-119.el6
  • perl-Module-Load-1:0.16-119.el6
  • perl-Module-Load-Conditional-0:0.30-119.el6
  • perl-Module-Loaded-1:0.02-119.el6
  • perl-Module-Pluggable-1:3.90-119.el6
  • perl-Object-Accessor-1:0.34-119.el6
  • perl-Package-Constants-1:0.02-119.el6
  • perl-Params-Check-1:0.26-119.el6
  • perl-Parse-CPAN-Meta-1:1.40-119.el6
  • perl-Pod-Escapes-1:1.04-119.el6
  • perl-Pod-Simple-1:3.13-119.el6
  • perl-Term-UI-0:0.20-119.el6
  • perl-Test-Harness-0:3.17-119.el6
  • perl-Test-Simple-0:0.92-119.el6
  • perl-Time-HiRes-4:1.9721-119.el6
  • perl-Time-Piece-0:1.15-119.el6
  • perl-core-0:5.10.1-119.el6
  • perl-devel-4:5.10.1-119.el6
  • perl-libs-4:5.10.1-119.el6
  • perl-parent-1:0.221-119.el6
  • perl-suidperl-4:5.10.1-119.el6
  • perl-version-3:0.77-119.el6
  • perl-3:5.8.5-57.el4
  • perl-suidperl-3:5.8.5-57.el4
  • perl-4:5.8.8-32.el5_7.6
  • perl-suidperl-4:5.8.8-32.el5_7.6
refmap via4
confirm
fedora
  • FEDORA-2011-0631
  • FEDORA-2011-0653
  • FEDORA-2011-0741
  • FEDORA-2011-0755
mandriva
  • MDVSA-2010:237
  • MDVSA-2010:250
misc https://bugzilla.mozilla.org/show_bug.cgi?id=600464
mlist
  • [oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
  • [oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
osvdb
  • 69588
  • 69589
secunia
  • 42877
  • 43033
  • 43068
  • 43147
  • 43165
suse
  • SUSE-SR:2011:001
  • SUSE-SR:2011:002
  • SUSE-SR:2011:005
vupen
  • ADV-2011-0076
  • ADV-2011-0207
  • ADV-2011-0212
  • ADV-2011-0249
  • ADV-2011-0271
vmware via4
description The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title Update to ESX service console Perl RPM
Last major update 07-12-2016 - 22:01
Published 06-12-2010 - 15:12
Back to Top