ID CVE-2010-4410
Summary CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
References
Vulnerable Configurations
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.42:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.42:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.43:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.43:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.44:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.44:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.45:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.45:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.50:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.50:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.51:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.51:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.52:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.52:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.53:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.53:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.54:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.54:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.55:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.55:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.56:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.56:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:1.57:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:1.57:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.13:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.15:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.16:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.17:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.18:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.19:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.20:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.21:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.22:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.23:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.24:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.25:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.26:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.27:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.28:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.28:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.29:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.29:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.30:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.31:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.33:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.34:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.34:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.35:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.35:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.36:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.36:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.37:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.37:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.38:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.38:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.39:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.39:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.40:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.40:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.41:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.41:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.42:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.42:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.43:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.43:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.44:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.44:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.45:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.45:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.46:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.46:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.47:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.47:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.48:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.48:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.49:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.49:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.50:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.50:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.51:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.51:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.52:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.52:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.53:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.53:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.54:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.54:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.55:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.55:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.56:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.56:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.57:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.57:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.58:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.58:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.59:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.59:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.60:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.60:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.61:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.61:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.62:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.62:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.63:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.63:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.64:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.64:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.65:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.65:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.66:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.66:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.67:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.67:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.68:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.68:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.69:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.69:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.70:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.70:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.71:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.71:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.72:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.72:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.73:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.73:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.74:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.74:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.75:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.75:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.76:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.76:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.77:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.77:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.78:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.78:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.79:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.79:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.80:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.80:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.81:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.81:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.82:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.82:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.83:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.83:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.84:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.84:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.85:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.85:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.86:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.86:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.87:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.87:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.88:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.88:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.89:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.89:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.90:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.90:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.91:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.91:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.92:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.92:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.93:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.93:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.94:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.94:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.95:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.95:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.96:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.96:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.97:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.97:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.98:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.98:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.99:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.99:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.751:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.751:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:2.752:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:2.752:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.00:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.01:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.01:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.02:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.03:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.03:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.04:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.04:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.05:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.05:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.06:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.06:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.07:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.07:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.08:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.08:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.09:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.09:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.13:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.15:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.21:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.22:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.23:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.24:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.25:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.26:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.27:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.28:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.29:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.30:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.31:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.32:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.33:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.34:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.35:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.36:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.37:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.38:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.39:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.40:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.40:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.41:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.42:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.42:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.43:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.43:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.44:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.44:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.45:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.45:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.46:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.46:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.47:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.47:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.48:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.48:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi.pm:3.49:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi.pm:3.49:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:0.078:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:0.078:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:0.079:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:0.079:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:0.080:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:0.080:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:0.081:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:0.081:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:0.082:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:0.082:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:0.83:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.103:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.103:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.104:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.104:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.105:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.105:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.106:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.106:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.107:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.107:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.108:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.108:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.109:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.109:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.110:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.110:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.111:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.111:*:*:*:*:*:*:*
  • cpe:2.3:a:andy_armstrong:cgi-simple:1.112:*:*:*:*:*:*:*
    cpe:2.3:a:andy_armstrong:cgi-simple:1.112:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-12-2016 - 03:01)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Code Injection
    An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2011:1797
rpms
  • perl-4:5.10.1-119.el6
  • perl-Archive-Extract-1:0.38-119.el6
  • perl-Archive-Tar-0:1.58-119.el6
  • perl-CGI-0:3.51-119.el6
  • perl-CPAN-0:1.9402-119.el6
  • perl-CPANPLUS-0:0.88-119.el6
  • perl-Compress-Raw-Zlib-0:2.023-119.el6
  • perl-Compress-Zlib-0:2.020-119.el6
  • perl-Digest-SHA-1:5.47-119.el6
  • perl-ExtUtils-CBuilder-1:0.27-119.el6
  • perl-ExtUtils-Embed-0:1.28-119.el6
  • perl-ExtUtils-MakeMaker-0:6.55-119.el6
  • perl-ExtUtils-ParseXS-1:2.2003.0-119.el6
  • perl-File-Fetch-0:0.26-119.el6
  • perl-IO-Compress-Base-0:2.020-119.el6
  • perl-IO-Compress-Zlib-0:2.020-119.el6
  • perl-IO-Zlib-1:1.09-119.el6
  • perl-IPC-Cmd-1:0.56-119.el6
  • perl-Locale-Maketext-Simple-1:0.18-119.el6
  • perl-Log-Message-1:0.02-119.el6
  • perl-Log-Message-Simple-0:0.04-119.el6
  • perl-Module-Build-1:0.3500-119.el6
  • perl-Module-CoreList-0:2.18-119.el6
  • perl-Module-Load-1:0.16-119.el6
  • perl-Module-Load-Conditional-0:0.30-119.el6
  • perl-Module-Loaded-1:0.02-119.el6
  • perl-Module-Pluggable-1:3.90-119.el6
  • perl-Object-Accessor-1:0.34-119.el6
  • perl-Package-Constants-1:0.02-119.el6
  • perl-Params-Check-1:0.26-119.el6
  • perl-Parse-CPAN-Meta-1:1.40-119.el6
  • perl-Pod-Escapes-1:1.04-119.el6
  • perl-Pod-Simple-1:3.13-119.el6
  • perl-Term-UI-0:0.20-119.el6
  • perl-Test-Harness-0:3.17-119.el6
  • perl-Test-Simple-0:0.92-119.el6
  • perl-Time-HiRes-4:1.9721-119.el6
  • perl-Time-Piece-0:1.15-119.el6
  • perl-core-0:5.10.1-119.el6
  • perl-debuginfo-4:5.10.1-119.el6
  • perl-devel-4:5.10.1-119.el6
  • perl-libs-4:5.10.1-119.el6
  • perl-parent-1:0.221-119.el6
  • perl-suidperl-4:5.10.1-119.el6
  • perl-version-3:0.77-119.el6
  • perl-3:5.8.5-57.el4
  • perl-4:5.8.8-32.el5_7.6
  • perl-debuginfo-3:5.8.5-57.el4
  • perl-debuginfo-4:5.8.8-32.el5_7.6
  • perl-suidperl-3:5.8.5-57.el4
  • perl-suidperl-4:5.8.8-32.el5_7.6
refmap via4
bid
  • 44199
  • 45145
confirm
fedora
  • FEDORA-2011-0631
  • FEDORA-2011-0653
mandriva
  • MDVSA-2010:237
  • MDVSA-2010:252
mlist
  • [oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
  • [oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
secunia
  • 43068
  • 43147
suse
  • SUSE-SR:2011:002
  • SUSE-SR:2011:005
vupen
  • ADV-2010-3230
  • ADV-2011-0212
  • ADV-2011-0249
Last major update 08-12-2016 - 03:01
Published 06-12-2010 - 20:13
Last modified 08-12-2016 - 03:01
Back to Top