Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2012-5526
Last Modified 23 Oct 2013 11:42:22
Published 21 Nov 2012 06:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5526

Summary

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Vulnerable Systems

Application

  • Andy Armstrong Cgi.pm 3.62


References

MISC - https://github.com/markstos/CGI.pm/pull/23

XF - perl-cgipm-header-injection(80098)

SECTRACK - 1027780

BID - 56562

MLIST - [oss-security] 20121115 Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers

CONFIRM - http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes

UBUNTU - USN-1643-1

SECUNIA - 51457

DEBIAN - DSA-2586

REDHAT - RHSA-2013:0685

SECUNIA - 55314


Last Updated: 27 May 2016 10:58:29