Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:252: perl-CGI-Simple

Recommended Posts

A vulnerability was discovered and corrected in perl-CGI-Simple:

 

CRLF injection vulnerability in the header function in (1) CGI.pm

before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows

remote attackers to inject arbitrary HTTP headers and conduct HTTP

response splitting attacks via vectors related to non-whitespace

characters preceded by newline characters, a different vulnerability

than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).

 

The updated packages have been patched to correct this issue.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...