Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2010-4410
Last Modified: 11 Feb 2014 11:24:14
Published: 06 Dec 2010 03:13:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2010-4410

Summary

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

Vulnerable Systems

Application

  • Andy Armstrong Cgi-simple 0.078

  • Andy Armstrong Cgi-simple 0.079

  • Andy Armstrong Cgi-simple 0.080

  • Andy Armstrong Cgi-simple 0.081

  • Andy Armstrong Cgi-simple 0.082

  • Andy Armstrong Cgi-simple 0.83

  • Andy Armstrong Cgi-simple 1.0

  • Andy Armstrong Cgi-simple 1.1

  • Andy Armstrong Cgi-simple 1.1.1

  • Andy Armstrong Cgi-simple 1.1.2

  • Andy Armstrong Cgi-simple 1.103

  • Andy Armstrong Cgi-simple 1.104

  • Andy Armstrong Cgi-simple 1.105

  • Andy Armstrong Cgi-simple 1.106

  • Andy Armstrong Cgi-simple 1.107

  • Andy Armstrong Cgi-simple 1.108

  • Andy Armstrong Cgi-simple 1.109

  • Andy Armstrong Cgi-simple 1.110

  • Andy Armstrong Cgi-simple 1.111

  • Andy Armstrong Cgi-simple 1.112

  • Andy Armstrong Cgi.pm 1.4

  • Andy Armstrong Cgi.pm 1.42

  • Andy Armstrong Cgi.pm 1.43

  • Andy Armstrong Cgi.pm 1.44

  • Andy Armstrong Cgi.pm 1.45

  • Andy Armstrong Cgi.pm 1.50

  • Andy Armstrong Cgi.pm 1.51

  • Andy Armstrong Cgi.pm 1.52

  • Andy Armstrong Cgi.pm 1.53

  • Andy Armstrong Cgi.pm 1.54

  • Andy Armstrong Cgi.pm 1.55

  • Andy Armstrong Cgi.pm 1.56

  • Andy Armstrong Cgi.pm 1.57

  • Andy Armstrong Cgi.pm 2.0

  • Andy Armstrong Cgi.pm 2.01

  • Andy Armstrong Cgi.pm 2.13

  • Andy Armstrong Cgi.pm 2.14

  • Andy Armstrong Cgi.pm 2.15

  • Andy Armstrong Cgi.pm 2.16

  • Andy Armstrong Cgi.pm 2.17

  • Andy Armstrong Cgi.pm 2.18

  • Andy Armstrong Cgi.pm 2.19

  • Andy Armstrong Cgi.pm 2.20

  • Andy Armstrong Cgi.pm 2.21

  • Andy Armstrong Cgi.pm 2.22

  • Andy Armstrong Cgi.pm 2.23

  • Andy Armstrong Cgi.pm 2.24

  • Andy Armstrong Cgi.pm 2.25

  • Andy Armstrong Cgi.pm 2.26

  • Andy Armstrong Cgi.pm 2.27

  • Andy Armstrong Cgi.pm 2.28

  • Andy Armstrong Cgi.pm 2.29

  • Andy Armstrong Cgi.pm 2.30

  • Andy Armstrong Cgi.pm 2.31

  • Andy Armstrong Cgi.pm 2.32

  • Andy Armstrong Cgi.pm 2.33

  • Andy Armstrong Cgi.pm 2.34

  • Andy Armstrong Cgi.pm 2.35

  • Andy Armstrong Cgi.pm 2.36

  • Andy Armstrong Cgi.pm 2.37

  • Andy Armstrong Cgi.pm 2.38

  • Andy Armstrong Cgi.pm 2.39

  • Andy Armstrong Cgi.pm 2.40

  • Andy Armstrong Cgi.pm 2.41

  • Andy Armstrong Cgi.pm 2.42

  • Andy Armstrong Cgi.pm 2.43

  • Andy Armstrong Cgi.pm 2.44

  • Andy Armstrong Cgi.pm 2.45

  • Andy Armstrong Cgi.pm 2.46

  • Andy Armstrong Cgi.pm 2.47

  • Andy Armstrong Cgi.pm 2.48

  • Andy Armstrong Cgi.pm 2.49

  • Andy Armstrong Cgi.pm 2.50

  • Andy Armstrong Cgi.pm 2.51

  • Andy Armstrong Cgi.pm 2.52

  • Andy Armstrong Cgi.pm 2.53

  • Andy Armstrong Cgi.pm 2.54

  • Andy Armstrong Cgi.pm 2.55

  • Andy Armstrong Cgi.pm 2.56

  • Andy Armstrong Cgi.pm 2.57

  • Andy Armstrong Cgi.pm 2.58

  • Andy Armstrong Cgi.pm 2.59

  • Andy Armstrong Cgi.pm 2.60

  • Andy Armstrong Cgi.pm 2.61

  • Andy Armstrong Cgi.pm 2.62

  • Andy Armstrong Cgi.pm 2.63

  • Andy Armstrong Cgi.pm 2.64

  • Andy Armstrong Cgi.pm 2.65

  • Andy Armstrong Cgi.pm 2.66

  • Andy Armstrong Cgi.pm 2.67

  • Andy Armstrong Cgi.pm 2.68

  • Andy Armstrong Cgi.pm 2.69

  • Andy Armstrong Cgi.pm 2.70

  • Andy Armstrong Cgi.pm 2.71

  • Andy Armstrong Cgi.pm 2.72

  • Andy Armstrong Cgi.pm 2.73

  • Andy Armstrong Cgi.pm 2.74

  • Andy Armstrong Cgi.pm 2.75

  • Andy Armstrong Cgi.pm 2.751

  • Andy Armstrong Cgi.pm 2.752

  • Andy Armstrong Cgi.pm 2.76

  • Andy Armstrong Cgi.pm 2.77

  • Andy Armstrong Cgi.pm 2.78

  • Andy Armstrong Cgi.pm 2.79

  • Andy Armstrong Cgi.pm 2.80

  • Andy Armstrong Cgi.pm 2.81

  • Andy Armstrong Cgi.pm 2.82

  • Andy Armstrong Cgi.pm 2.83

  • Andy Armstrong Cgi.pm 2.84

  • Andy Armstrong Cgi.pm 2.85

  • Andy Armstrong Cgi.pm 2.86

  • Andy Armstrong Cgi.pm 2.87

  • Andy Armstrong Cgi.pm 2.88

  • Andy Armstrong Cgi.pm 2.89

  • Andy Armstrong Cgi.pm 2.90

  • Andy Armstrong Cgi.pm 2.91

  • Andy Armstrong Cgi.pm 2.92

  • Andy Armstrong Cgi.pm 2.93

  • Andy Armstrong Cgi.pm 2.94

  • Andy Armstrong Cgi.pm 2.95

  • Andy Armstrong Cgi.pm 2.96

  • Andy Armstrong Cgi.pm 2.97

  • Andy Armstrong Cgi.pm 2.98

  • Andy Armstrong Cgi.pm 2.99

  • Andy Armstrong Cgi.pm 3.00

  • Andy Armstrong Cgi.pm 3.01

  • Andy Armstrong Cgi.pm 3.02

  • Andy Armstrong Cgi.pm 3.03

  • Andy Armstrong Cgi.pm 3.04

  • Andy Armstrong Cgi.pm 3.05

  • Andy Armstrong Cgi.pm 3.06

  • Andy Armstrong Cgi.pm 3.07

  • Andy Armstrong Cgi.pm 3.08

  • Andy Armstrong Cgi.pm 3.09

  • Andy Armstrong Cgi.pm 3.10

  • Andy Armstrong Cgi.pm 3.11

  • Andy Armstrong Cgi.pm 3.12

  • Andy Armstrong Cgi.pm 3.13

  • Andy Armstrong Cgi.pm 3.14

  • Andy Armstrong Cgi.pm 3.15

  • Andy Armstrong Cgi.pm 3.16

  • Andy Armstrong Cgi.pm 3.17

  • Andy Armstrong Cgi.pm 3.18

  • Andy Armstrong Cgi.pm 3.19

  • Andy Armstrong Cgi.pm 3.20

  • Andy Armstrong Cgi.pm 3.21

  • Andy Armstrong Cgi.pm 3.22

  • Andy Armstrong Cgi.pm 3.23

  • Andy Armstrong Cgi.pm 3.24

  • Andy Armstrong Cgi.pm 3.25

  • Andy Armstrong Cgi.pm 3.26

  • Andy Armstrong Cgi.pm 3.27

  • Andy Armstrong Cgi.pm 3.28

  • Andy Armstrong Cgi.pm 3.29

  • Andy Armstrong Cgi.pm 3.30

  • Andy Armstrong Cgi.pm 3.31

  • Andy Armstrong Cgi.pm 3.32

  • Andy Armstrong Cgi.pm 3.33

  • Andy Armstrong Cgi.pm 3.34

  • Andy Armstrong Cgi.pm 3.35

  • Andy Armstrong Cgi.pm 3.36

  • Andy Armstrong Cgi.pm 3.37

  • Andy Armstrong Cgi.pm 3.38

  • Andy Armstrong Cgi.pm 3.39

  • Andy Armstrong Cgi.pm 3.40

  • Andy Armstrong Cgi.pm 3.41

  • Andy Armstrong Cgi.pm 3.42

  • Andy Armstrong Cgi.pm 3.43

  • Andy Armstrong Cgi.pm 3.44

  • Andy Armstrong Cgi.pm 3.45

  • Andy Armstrong Cgi.pm 3.46

  • Andy Armstrong Cgi.pm 3.47

  • Andy Armstrong Cgi.pm 3.48

  • Andy Armstrong Cgi.pm 3.49


References

CONFIRM - http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html

CONFIRM - http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1

CONFIRM - http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm

MLIST - [oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)

MLIST - [oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=658970

VUPEN - ADV-2011-0249

VUPEN - ADV-2011-0212

VUPEN - ADV-2010-3230

BID - 45145

BID - 44199

MANDRIVA - MDVSA-2010:252

MANDRIVA - MDVSA-2010:237

SECUNIA - 43147

SECUNIA - 43068

SUSE - SUSE-SR:2011:002

FEDORA - FEDORA-2011-0653

FEDORA - FEDORA-2011-0631

CONFIRM - http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes

REDHAT - RHSA-2011:1797

SUSE - SUSE-SR:2011:005

Related Patches

Red Hat 2011:1797-01 RHSA Moderate: perl security update for RHEL 4 x86

Red Hat 2011:1797-01 RHSA Moderate: perl security update for RHEL 5 x86

Red Hat 2011:1797-01 RHSA Moderate: perl security update for RHEL 5 x86_64

Red Hat 2011:1797-01 RHSA Moderate: perl security update for RHEL 4 x86_64

Novell SUSE 2011:7316 perl security update for SLE 10 SP3 i586

Novell SUSE 2011:7316 perl security update for SLE 10 SP3 x86_64


Last Updated: 27 May 2016 10:58:03