ID CVE-2010-4411
Summary Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
References
Vulnerable Configurations
  • Andy Armstrong CGI.pm 2.71
    cpe:2.3:a:andy_armstrong:cgi.pm:2.71
  • Andy Armstrong CGI.pm 2.72
    cpe:2.3:a:andy_armstrong:cgi.pm:2.72
  • Andy Armstrong CGI.pm 2.73
    cpe:2.3:a:andy_armstrong:cgi.pm:2.73
  • Andy Armstrong CGI.pm 2.74
    cpe:2.3:a:andy_armstrong:cgi.pm:2.74
  • Andy Armstrong CGI.pm 2.67
    cpe:2.3:a:andy_armstrong:cgi.pm:2.67
  • Andy Armstrong CGI.pm 2.68
    cpe:2.3:a:andy_armstrong:cgi.pm:2.68
  • Andy Armstrong CGI.pm 2.69
    cpe:2.3:a:andy_armstrong:cgi.pm:2.69
  • Andy Armstrong CGI.pm 2.70
    cpe:2.3:a:andy_armstrong:cgi.pm:2.70
  • Andy Armstrong CGI.pm 2.77
    cpe:2.3:a:andy_armstrong:cgi.pm:2.77
  • Andy Armstrong CGI.pm 2.78
    cpe:2.3:a:andy_armstrong:cgi.pm:2.78
  • Andy Armstrong CGI.pm 2.79
    cpe:2.3:a:andy_armstrong:cgi.pm:2.79
  • Andy Armstrong CGI.pm 2.80
    cpe:2.3:a:andy_armstrong:cgi.pm:2.80
  • Andy Armstrong CGI.pm 2.75
    cpe:2.3:a:andy_armstrong:cgi.pm:2.75
  • Andy Armstrong CGI.pm 2.751
    cpe:2.3:a:andy_armstrong:cgi.pm:2.751
  • Andy Armstrong CGI.pm 2.752
    cpe:2.3:a:andy_armstrong:cgi.pm:2.752
  • Andy Armstrong CGI.pm 2.76
    cpe:2.3:a:andy_armstrong:cgi.pm:2.76
  • Andy Armstrong CGI.pm 2.86
    cpe:2.3:a:andy_armstrong:cgi.pm:2.86
  • Andy Armstrong CGI.pm 2.85
    cpe:2.3:a:andy_armstrong:cgi.pm:2.85
  • Andy Armstrong CGI.pm 2.88
    cpe:2.3:a:andy_armstrong:cgi.pm:2.88
  • Andy Armstrong CGI.pm 2.87
    cpe:2.3:a:andy_armstrong:cgi.pm:2.87
  • Andy Armstrong CGI.pm 2.82
    cpe:2.3:a:andy_armstrong:cgi.pm:2.82
  • Andy Armstrong CGI.pm 2.81
    cpe:2.3:a:andy_armstrong:cgi.pm:2.81
  • Andy Armstrong CGI.pm 2.84
    cpe:2.3:a:andy_armstrong:cgi.pm:2.84
  • Andy Armstrong CGI.pm 2.83
    cpe:2.3:a:andy_armstrong:cgi.pm:2.83
  • Andy Armstrong CGI.pm 2.94
    cpe:2.3:a:andy_armstrong:cgi.pm:2.94
  • Andy Armstrong CGI.pm 2.93
    cpe:2.3:a:andy_armstrong:cgi.pm:2.93
  • Andy Armstrong CGI.pm 2.95
    cpe:2.3:a:andy_armstrong:cgi.pm:2.95
  • Andy Armstrong CGI.pm 2.90
    cpe:2.3:a:andy_armstrong:cgi.pm:2.90
  • Andy Armstrong CGI.pm 2.89
    cpe:2.3:a:andy_armstrong:cgi.pm:2.89
  • Andy Armstrong CGI.pm 2.92
    cpe:2.3:a:andy_armstrong:cgi.pm:2.92
  • Andy Armstrong CGI.pm 2.91
    cpe:2.3:a:andy_armstrong:cgi.pm:2.91
  • Andy Armstrong CGI.pm 2.41
    cpe:2.3:a:andy_armstrong:cgi.pm:2.41
  • Andy Armstrong CGI.pm 2.42
    cpe:2.3:a:andy_armstrong:cgi.pm:2.42
  • Andy Armstrong CGI.pm 2.40
    cpe:2.3:a:andy_armstrong:cgi.pm:2.40
  • Andy Armstrong CGI.pm 2.38
    cpe:2.3:a:andy_armstrong:cgi.pm:2.38
  • Andy Armstrong CGI.pm 2.39
    cpe:2.3:a:andy_armstrong:cgi.pm:2.39
  • Andy Armstrong CGI.pm 2.36
    cpe:2.3:a:andy_armstrong:cgi.pm:2.36
  • Andy Armstrong CGI.pm 2.37
    cpe:2.3:a:andy_armstrong:cgi.pm:2.37
  • Andy Armstrong CGI.pm 2.49
    cpe:2.3:a:andy_armstrong:cgi.pm:2.49
  • Andy Armstrong CGI.pm 2.50
    cpe:2.3:a:andy_armstrong:cgi.pm:2.50
  • Andy Armstrong CGI.pm 2.47
    cpe:2.3:a:andy_armstrong:cgi.pm:2.47
  • Andy Armstrong CGI.pm 2.48
    cpe:2.3:a:andy_armstrong:cgi.pm:2.48
  • Andy Armstrong CGI.pm 2.45
    cpe:2.3:a:andy_armstrong:cgi.pm:2.45
  • Andy Armstrong CGI.pm 2.46
    cpe:2.3:a:andy_armstrong:cgi.pm:2.46
  • Andy Armstrong CGI.pm 2.43
    cpe:2.3:a:andy_armstrong:cgi.pm:2.43
  • Andy Armstrong CGI.pm 2.44
    cpe:2.3:a:andy_armstrong:cgi.pm:2.44
  • Andy Armstrong CGI.pm 2.58
    cpe:2.3:a:andy_armstrong:cgi.pm:2.58
  • Andy Armstrong CGI.pm 2.57
    cpe:2.3:a:andy_armstrong:cgi.pm:2.57
  • Andy Armstrong CGI.pm 2.56
    cpe:2.3:a:andy_armstrong:cgi.pm:2.56
  • Andy Armstrong CGI.pm 2.55
    cpe:2.3:a:andy_armstrong:cgi.pm:2.55
  • Andy Armstrong CGI.pm 2.54
    cpe:2.3:a:andy_armstrong:cgi.pm:2.54
  • Andy Armstrong CGI.pm 2.53
    cpe:2.3:a:andy_armstrong:cgi.pm:2.53
  • Andy Armstrong CGI.pm 2.52
    cpe:2.3:a:andy_armstrong:cgi.pm:2.52
  • Andy Armstrong CGI.pm 2.51
    cpe:2.3:a:andy_armstrong:cgi.pm:2.51
  • Andy Armstrong CGI.pm 2.66
    cpe:2.3:a:andy_armstrong:cgi.pm:2.66
  • Andy Armstrong CGI.pm 2.65
    cpe:2.3:a:andy_armstrong:cgi.pm:2.65
  • Andy Armstrong CGI.pm 2.64
    cpe:2.3:a:andy_armstrong:cgi.pm:2.64
  • Andy Armstrong CGI.pm 2.63
    cpe:2.3:a:andy_armstrong:cgi.pm:2.63
  • Andy Armstrong CGI.pm 2.62
    cpe:2.3:a:andy_armstrong:cgi.pm:2.62
  • Andy Armstrong CGI.pm 2.61
    cpe:2.3:a:andy_armstrong:cgi.pm:2.61
  • Andy Armstrong CGI.pm 2.60
    cpe:2.3:a:andy_armstrong:cgi.pm:2.60
  • Andy Armstrong CGI.pm 2.59
    cpe:2.3:a:andy_armstrong:cgi.pm:2.59
  • Andy Armstrong CGI.pm 1.51
    cpe:2.3:a:andy_armstrong:cgi.pm:1.51
  • Andy Armstrong CGI.pm 1.52
    cpe:2.3:a:andy_armstrong:cgi.pm:1.52
  • Andy Armstrong CGI.pm 1.53
    cpe:2.3:a:andy_armstrong:cgi.pm:1.53
  • Andy Armstrong CGI.pm 1.54
    cpe:2.3:a:andy_armstrong:cgi.pm:1.54
  • Andy Armstrong CGI.pm 1.55
    cpe:2.3:a:andy_armstrong:cgi.pm:1.55
  • Andy Armstrong CGI.pm 1.56
    cpe:2.3:a:andy_armstrong:cgi.pm:1.56
  • Andy Armstrong CGI.pm 1.57
    cpe:2.3:a:andy_armstrong:cgi.pm:1.57
  • Andy Armstrong CGI.pm 2.0
    cpe:2.3:a:andy_armstrong:cgi.pm:2.0
  • Andy Armstrong CGI.pm 2.01
    cpe:2.3:a:andy_armstrong:cgi.pm:2.01
  • Andy Armstrong CGI.pm 2.13
    cpe:2.3:a:andy_armstrong:cgi.pm:2.13
  • Andy Armstrong CGI.pm 2.14
    cpe:2.3:a:andy_armstrong:cgi.pm:2.14
  • Andy Armstrong CGI.pm 2.15
    cpe:2.3:a:andy_armstrong:cgi.pm:2.15
  • Andy Armstrong CGI.pm 2.16
    cpe:2.3:a:andy_armstrong:cgi.pm:2.16
  • Andy Armstrong CGI.pm 2.17
    cpe:2.3:a:andy_armstrong:cgi.pm:2.17
  • Andy Armstrong CGI.pm 2.18
    cpe:2.3:a:andy_armstrong:cgi.pm:2.18
  • Andy Armstrong CGI.pm 2.19
    cpe:2.3:a:andy_armstrong:cgi.pm:2.19
  • Andy Armstrong CGI.pm 2.21
    cpe:2.3:a:andy_armstrong:cgi.pm:2.21
  • Andy Armstrong CGI.pm 2.20
    cpe:2.3:a:andy_armstrong:cgi.pm:2.20
  • Andy Armstrong CGI.pm 2.23
    cpe:2.3:a:andy_armstrong:cgi.pm:2.23
  • Andy Armstrong CGI.pm 2.22
    cpe:2.3:a:andy_armstrong:cgi.pm:2.22
  • Andy Armstrong CGI.pm 2.25
    cpe:2.3:a:andy_armstrong:cgi.pm:2.25
  • Andy Armstrong CGI.pm 2.24
    cpe:2.3:a:andy_armstrong:cgi.pm:2.24
  • Andy Armstrong CGI.pm 2.27
    cpe:2.3:a:andy_armstrong:cgi.pm:2.27
  • Andy Armstrong CGI.pm 2.26
    cpe:2.3:a:andy_armstrong:cgi.pm:2.26
  • Andy Armstrong CGI.pm 2.29
    cpe:2.3:a:andy_armstrong:cgi.pm:2.29
  • Andy Armstrong CGI.pm 2.28
    cpe:2.3:a:andy_armstrong:cgi.pm:2.28
  • Andy Armstrong CGI.pm 2.31
    cpe:2.3:a:andy_armstrong:cgi.pm:2.31
  • Andy Armstrong CGI.pm 2.30
    cpe:2.3:a:andy_armstrong:cgi.pm:2.30
  • Andy Armstrong CGI.pm 2.33
    cpe:2.3:a:andy_armstrong:cgi.pm:2.33
  • Andy Armstrong CGI.pm 2.32
    cpe:2.3:a:andy_armstrong:cgi.pm:2.32
  • Andy Armstrong CGI.pm 2.35
    cpe:2.3:a:andy_armstrong:cgi.pm:2.35
  • Andy Armstrong CGI.pm 2.34
    cpe:2.3:a:andy_armstrong:cgi.pm:2.34
  • Andy Armstrong CGI.pm 1.42
    cpe:2.3:a:andy_armstrong:cgi.pm:1.42
  • Andy Armstrong CGI.pm 1.4
    cpe:2.3:a:andy_armstrong:cgi.pm:1.4
  • Andy Armstrong CGI.pm 1.50
    cpe:2.3:a:andy_armstrong:cgi.pm:1.50
  • Andy Armstrong CGI.pm 1.45
    cpe:2.3:a:andy_armstrong:cgi.pm:1.45
  • Andy Armstrong CGI.pm 1.44
    cpe:2.3:a:andy_armstrong:cgi.pm:1.44
  • Andy Armstrong CGI.pm 1.43
    cpe:2.3:a:andy_armstrong:cgi.pm:1.43
  • Andy Armstrong CGI.pm 2.96
    cpe:2.3:a:andy_armstrong:cgi.pm:2.96
  • Andy Armstrong CGI.pm 3.49
    cpe:2.3:a:andy_armstrong:cgi.pm:3.49
  • Andy Armstrong CGI.pm 3.38
    cpe:2.3:a:andy_armstrong:cgi.pm:3.38
  • Andy Armstrong CGI.pm 3.37
    cpe:2.3:a:andy_armstrong:cgi.pm:3.37
  • Andy Armstrong CGI.pm 3.40
    cpe:2.3:a:andy_armstrong:cgi.pm:3.40
  • Andy Armstrong CGI.pm 3.39
    cpe:2.3:a:andy_armstrong:cgi.pm:3.39
  • Andy Armstrong CGI.pm 3.42
    cpe:2.3:a:andy_armstrong:cgi.pm:3.42
  • Andy Armstrong CGI.pm 3.41
    cpe:2.3:a:andy_armstrong:cgi.pm:3.41
  • Andy Armstrong CGI.pm 3.44
    cpe:2.3:a:andy_armstrong:cgi.pm:3.44
  • Andy Armstrong CGI.pm 3.43
    cpe:2.3:a:andy_armstrong:cgi.pm:3.43
  • Andy Armstrong CGI.pm 3.30
    cpe:2.3:a:andy_armstrong:cgi.pm:3.30
  • Andy Armstrong CGI.pm 3.29
    cpe:2.3:a:andy_armstrong:cgi.pm:3.29
  • Andy Armstrong CGI.pm 3.32
    cpe:2.3:a:andy_armstrong:cgi.pm:3.32
  • Andy Armstrong CGI.pm 3.31
    cpe:2.3:a:andy_armstrong:cgi.pm:3.31
  • Andy Armstrong CGI.pm 3.34
    cpe:2.3:a:andy_armstrong:cgi.pm:3.34
  • Andy Armstrong CGI.pm 3.33
    cpe:2.3:a:andy_armstrong:cgi.pm:3.33
  • Andy Armstrong CGI.pm 3.36
    cpe:2.3:a:andy_armstrong:cgi.pm:3.36
  • Andy Armstrong CGI.pm 3.35
    cpe:2.3:a:andy_armstrong:cgi.pm:3.35
  • Andy Armstrong CGI.pm 3.45
    cpe:2.3:a:andy_armstrong:cgi.pm:3.45
  • Andy Armstrong CGI.pm 3.46
    cpe:2.3:a:andy_armstrong:cgi.pm:3.46
  • Andy Armstrong CGI.pm 3.47
    cpe:2.3:a:andy_armstrong:cgi.pm:3.47
  • Andy Armstrong CGI.pm 3.48
    cpe:2.3:a:andy_armstrong:cgi.pm:3.48
  • Andy Armstrong CGI.pm 3.08
    cpe:2.3:a:andy_armstrong:cgi.pm:3.08
  • Andy Armstrong CGI.pm 3.07
    cpe:2.3:a:andy_armstrong:cgi.pm:3.07
  • Andy Armstrong CGI.pm 3.06
    cpe:2.3:a:andy_armstrong:cgi.pm:3.06
  • Andy Armstrong CGI.pm 3.05
    cpe:2.3:a:andy_armstrong:cgi.pm:3.05
  • Andy Armstrong CGI.pm 3.12
    cpe:2.3:a:andy_armstrong:cgi.pm:3.12
  • Andy Armstrong CGI.pm 3.11
    cpe:2.3:a:andy_armstrong:cgi.pm:3.11
  • Andy Armstrong CGI.pm 3.10
    cpe:2.3:a:andy_armstrong:cgi.pm:3.10
  • Andy Armstrong CGI.pm 3.09
    cpe:2.3:a:andy_armstrong:cgi.pm:3.09
  • Andy Armstrong CGI.pm 3.00
    cpe:2.3:a:andy_armstrong:cgi.pm:3.00
  • Andy Armstrong CGI.pm 2.99
    cpe:2.3:a:andy_armstrong:cgi.pm:2.99
  • Andy Armstrong CGI.pm 2.98
    cpe:2.3:a:andy_armstrong:cgi.pm:2.98
  • Andy Armstrong CGI.pm 2.97
    cpe:2.3:a:andy_armstrong:cgi.pm:2.97
  • Andy Armstrong CGI.pm 3.04
    cpe:2.3:a:andy_armstrong:cgi.pm:3.04
  • Andy Armstrong CGI.pm 3.03
    cpe:2.3:a:andy_armstrong:cgi.pm:3.03
  • Andy Armstrong CGI.pm 3.02
    cpe:2.3:a:andy_armstrong:cgi.pm:3.02
  • Andy Armstrong CGI.pm 3.01
    cpe:2.3:a:andy_armstrong:cgi.pm:3.01
  • Andy Armstrong CGI.pm 3.23
    cpe:2.3:a:andy_armstrong:cgi.pm:3.23
  • Andy Armstrong CGI.pm 3.24
    cpe:2.3:a:andy_armstrong:cgi.pm:3.24
  • Andy Armstrong CGI.pm 3.21
    cpe:2.3:a:andy_armstrong:cgi.pm:3.21
  • Andy Armstrong CGI.pm 3.22
    cpe:2.3:a:andy_armstrong:cgi.pm:3.22
  • Andy Armstrong CGI.pm 3.27
    cpe:2.3:a:andy_armstrong:cgi.pm:3.27
  • Andy Armstrong CGI.pm 3.28
    cpe:2.3:a:andy_armstrong:cgi.pm:3.28
  • Andy Armstrong CGI.pm 3.25
    cpe:2.3:a:andy_armstrong:cgi.pm:3.25
  • Andy Armstrong CGI.pm 3.26
    cpe:2.3:a:andy_armstrong:cgi.pm:3.26
  • Andy Armstrong CGI.pm 3.15
    cpe:2.3:a:andy_armstrong:cgi.pm:3.15
  • Andy Armstrong CGI.pm 3.16
    cpe:2.3:a:andy_armstrong:cgi.pm:3.16
  • Andy Armstrong CGI.pm 3.13
    cpe:2.3:a:andy_armstrong:cgi.pm:3.13
  • Andy Armstrong CGI.pm 3.14
    cpe:2.3:a:andy_armstrong:cgi.pm:3.14
  • Andy Armstrong CGI.pm 3.19
    cpe:2.3:a:andy_armstrong:cgi.pm:3.19
  • Andy Armstrong CGI.pm 3.20
    cpe:2.3:a:andy_armstrong:cgi.pm:3.20
  • Andy Armstrong CGI.pm 3.17
    cpe:2.3:a:andy_armstrong:cgi.pm:3.17
  • Andy Armstrong CGI.pm 3.18
    cpe:2.3:a:andy_armstrong:cgi.pm:3.18
  • Andy Armstrong CGI.pm 3.50
    cpe:2.3:a:andy_armstrong:cgi.pm:3.50
CVSS
Base: 4.3 (as of 07-12-2010 - 14:14)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-008.NASL
    description A vulnerability has been found and corrected in perl-CGI : Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761 (CVE-2010-4411). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the latest version (3.51) which is not affected by this issue and in turn also brings many bugfixes.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 51800
    published 2011-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51800
    title Mandriva Linux Security Advisory : perl-CGI (MDVSA-2011:008)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_PERL-CGI-SIMPLE-110127.NASL
    description The following vulnerabilities have been fixed in perl-CGI-Simple: CVE-2010-4410 - crlf injection CVE-2010-4411 - incomplete fix for crlf injection
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53791
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53791
    title openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0083-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1129-1.NASL
    description It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-2761, CVE-2010-4411) It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-4410) It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55090
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55090
    title Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-03 (Bugzilla: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. A local attacker could disclose the contents of temporary files for uploaded attachments. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56445
    published 2011-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56445
    title GLSA-201110-03 : Bugzilla: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_PERL-110112.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75705
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75705
    title openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_PERL-CGI-SIMPLE-110127.NASL
    description The following vulnerabilities have been fixed in perl-CGI-Simple: CVE-2010-4410 - crlf injection CVE-2010-4411 - incomplete fix for crlf injection
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75709
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75709
    title openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0083-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141552-04.NASL
    description SunOS 5.10: Apache 2 mod_perl Perl cgi pat. Date this patch was last updated by Sun : Apr/20/11
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107527
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107527
    title Solaris 10 (sparc) : 141552-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141553-04.NASL
    description SunOS 5.10_x86: Apache 2 mod_perl Perl cgi. Date this patch was last updated by Sun : Apr/20/11
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 108026
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108026
    title Solaris 10 (x86) : 141553-04
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_PERL-110112.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53789
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53789
    title openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0741.NASL
    description Some serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 51855
    published 2011-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51855
    title Fedora 14 : bugzilla-3.6.4-1.fc14 (2011-0741)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C8C927E5289111E08F2600151735203A.NASL
    description A Bugzilla Security Advisory reports : This advisory covers three security issues that have recently been fixed in the Bugzilla code : - A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. - A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla. - If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's 'URL' field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable. - Various pages lack protection against cross-site request forgeries. All affected installations are encouraged to upgrade as soon as possible.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51670
    published 2011-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51670
    title FreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0755.NASL
    description Some serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 51856
    published 2011-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51856
    title Fedora 13 : bugzilla-3.4.10-1.fc13 (2011-0755)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PERL-7316.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. - have been assigned to this issue. (CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411)
    last seen 2019-02-21
    modified 2012-10-03
    plugin id 51641
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51641
    title SuSE 10 Security Update : Perl (ZYPP Patch Number 7316)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PERL-110112.NASL
    description Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411 have been assigned to this issue.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51630
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51630
    title SuSE 11.1 Security Update : perl (SAT Patch Number 3804)
refmap via4
confirm
fedora
  • FEDORA-2011-0741
  • FEDORA-2011-0755
mandriva MDVSA-2011:008
mlist [oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
secunia
  • 43033
  • 43068
  • 43165
suse
  • SUSE-SR:2011:002
  • SUSE-SR:2011:005
vupen
  • ADV-2011-0106
  • ADV-2011-0207
  • ADV-2011-0212
  • ADV-2011-0271
Last major update 11-02-2014 - 23:24
Published 06-12-2010 - 15:13