Jump to content
Sign in to follow this  

Advisories MDVSA-2010:250: perl-CGI-Simple

Recommended Posts

A vulnerability was discovered and corrected in perl-CGI-Simple:


The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm

in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME

boundary string in multipart/x-mixed-replace content, which allows

remote attackers to inject arbitrary HTTP headers and conduct HTTP

response splitting attacks via crafted input that contains this value,

a different vulnerability than CVE-2010-3172 (CVE-2010-2761).


The updated packages have been patched to correct this issue.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Create New...