CVE-2010-2761

Published: 06/12/2010 Updated: 08/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The multipart_init function in (1) CGI.pm prior to 3.50 and (2) Simple.pm in CGI::Simple 1.112 and previous versions uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

Vulnerable Product

andy_armstrong cgi.pm

andy_armstrong cgi.pm 3.41

andy_armstrong cgi.pm 3.40

andy_armstrong cgi.pm 3.33

andy_armstrong cgi.pm 3.32

andy_armstrong cgi.pm 3.25

andy_armstrong cgi.pm 3.24

andy_armstrong cgi.pm 3.16

andy_armstrong cgi.pm 3.15

andy_armstrong cgi.pm 3.43

andy_armstrong cgi.pm 3.42

andy_armstrong cgi.pm 3.35

andy_armstrong cgi.pm 3.34

andy_armstrong cgi.pm 3.27

andy_armstrong cgi.pm 3.26

andy_armstrong cgi.pm 3.18

andy_armstrong cgi.pm 3.17

andy_armstrong cgi.pm 3.10

andy_armstrong cgi.pm 3.09

andy_armstrong cgi.pm 3.02

andy_armstrong cgi.pm 3.01

andy_armstrong cgi.pm 2.93

andy_armstrong cgi.pm 2.92

andy_armstrong cgi.pm 2.85

andy_armstrong cgi.pm 2.84

andy_armstrong cgi.pm 2.77

andy_armstrong cgi.pm 2.76

andy_armstrong cgi.pm 2.752

andy_armstrong cgi.pm 2.70

andy_armstrong cgi.pm 2.69

andy_armstrong cgi.pm 2.62

andy_armstrong cgi.pm 2.61

andy_armstrong cgi.pm 2.54

andy_armstrong cgi.pm 2.53

andy_armstrong cgi.pm 2.52

andy_armstrong cgi.pm 2.45

andy_armstrong cgi.pm 2.44

andy_armstrong cgi.pm 2.37

andy_armstrong cgi.pm 2.36

andy_armstrong cgi.pm 2.28

andy_armstrong cgi.pm 2.27

andy_armstrong cgi.pm 2.20

andy_armstrong cgi.pm 2.19

andy_armstrong cgi.pm 2.01

andy_armstrong cgi.pm 2.0

andy_armstrong cgi.pm 1.50

andy_armstrong cgi.pm 1.45

andy_armstrong cgi.pm 3.48

andy_armstrong cgi.pm 3.47

andy_armstrong cgi.pm 3.39

andy_armstrong cgi.pm 3.38

andy_armstrong cgi.pm 3.31

andy_armstrong cgi.pm 3.30

andy_armstrong cgi.pm 3.23

andy_armstrong cgi.pm 3.22

andy_armstrong cgi.pm 3.21

andy_armstrong cgi.pm 3.14

andy_armstrong cgi.pm 3.13

andy_armstrong cgi.pm 3.06

andy_armstrong cgi.pm 3.05

andy_armstrong cgi.pm 2.97

andy_armstrong cgi.pm 2.96

andy_armstrong cgi.pm 2.89

andy_armstrong cgi.pm 2.88

andy_armstrong cgi.pm 2.81

andy_armstrong cgi.pm 2.80

andy_armstrong cgi.pm 2.74

andy_armstrong cgi.pm 2.73

andy_armstrong cgi.pm 2.66

andy_armstrong cgi.pm 2.65

andy_armstrong cgi.pm 2.58

andy_armstrong cgi.pm 2.57

andy_armstrong cgi.pm 2.49

andy_armstrong cgi.pm 2.48

andy_armstrong cgi.pm 2.41

andy_armstrong cgi.pm 2.40

andy_armstrong cgi.pm 2.33

andy_armstrong cgi.pm 2.32

andy_armstrong cgi.pm 2.24

andy_armstrong cgi.pm 2.23

andy_armstrong cgi.pm 2.16

andy_armstrong cgi.pm 2.15

andy_armstrong cgi.pm 1.55

andy_armstrong cgi.pm 1.54

andy_armstrong cgi.pm 1.53

andy_armstrong cgi.pm 1.42

andy_armstrong cgi.pm 1.4

andy_armstrong cgi.pm 3.08

andy_armstrong cgi.pm 3.07

andy_armstrong cgi.pm 3.00

andy_armstrong cgi.pm 2.99

andy_armstrong cgi.pm 2.98

andy_armstrong cgi.pm 2.91

andy_armstrong cgi.pm 2.90

andy_armstrong cgi.pm 2.83

andy_armstrong cgi.pm 2.82

andy_armstrong cgi.pm 2.751

andy_armstrong cgi.pm 2.75

andy_armstrong cgi.pm 2.68

andy_armstrong cgi.pm 2.67

andy_armstrong cgi.pm 2.60

andy_armstrong cgi.pm 2.59

andy_armstrong cgi.pm 2.51

andy_armstrong cgi.pm 2.50

andy_armstrong cgi.pm 2.43

andy_armstrong cgi.pm 2.42

andy_armstrong cgi.pm 2.35

andy_armstrong cgi.pm 2.34

andy_armstrong cgi.pm 2.26

andy_armstrong cgi.pm 2.25

andy_armstrong cgi.pm 2.18

andy_armstrong cgi.pm 2.17

andy_armstrong cgi.pm 1.57

andy_armstrong cgi.pm 1.56

andy_armstrong cgi.pm 1.44

andy_armstrong cgi.pm 1.43

andy_armstrong cgi.pm 3.46

andy_armstrong cgi.pm 3.45

andy_armstrong cgi.pm 3.44

andy_armstrong cgi.pm 3.37

andy_armstrong cgi.pm 3.36

andy_armstrong cgi.pm 3.29

andy_armstrong cgi.pm 3.28

andy_armstrong cgi.pm 3.20

andy_armstrong cgi.pm 3.19

andy_armstrong cgi.pm 3.12

andy_armstrong cgi.pm 3.11

andy_armstrong cgi.pm 3.04

andy_armstrong cgi.pm 3.03

andy_armstrong cgi.pm 2.95

andy_armstrong cgi.pm 2.94

andy_armstrong cgi.pm 2.87

andy_armstrong cgi.pm 2.86

andy_armstrong cgi.pm 2.79

andy_armstrong cgi.pm 2.78

andy_armstrong cgi.pm 2.72

andy_armstrong cgi.pm 2.71

andy_armstrong cgi.pm 2.64

andy_armstrong cgi.pm 2.63

andy_armstrong cgi.pm 2.56

andy_armstrong cgi.pm 2.55

andy_armstrong cgi.pm 2.47

andy_armstrong cgi.pm 2.46

andy_armstrong cgi.pm 2.39

andy_armstrong cgi.pm 2.38

andy_armstrong cgi.pm 2.31

andy_armstrong cgi.pm 2.30

andy_armstrong cgi.pm 2.29

andy_armstrong cgi.pm 2.22

andy_armstrong cgi.pm 2.21

andy_armstrong cgi.pm 2.14

andy_armstrong cgi.pm 2.13

andy_armstrong cgi.pm 1.52

andy_armstrong cgi.pm 1.51

andy_armstrong cgi-simple 0.078

andy_armstrong cgi-simple 0.080

andy_armstrong cgi-simple 1.1.2

andy_armstrong cgi-simple 1.103

andy_armstrong cgi-simple 1.111

andy_armstrong cgi-simple

andy_armstrong cgi-simple 0.83

andy_armstrong cgi-simple 1.0

andy_armstrong cgi-simple 1.107

andy_armstrong cgi-simple 1.108

andy_armstrong cgi-simple 0.081

andy_armstrong cgi-simple 0.082

andy_armstrong cgi-simple 1.104

andy_armstrong cgi-simple 1.105

andy_armstrong cgi-simple 1.106

andy_armstrong cgi-simple 0.079

andy_armstrong cgi-simple 1.1

andy_armstrong cgi-simple 1.1.1

andy_armstrong cgi-simple 1.109

andy_armstrong cgi-simple 1.110

Vendor Advisories

Synopsis: Moderate: perl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...

An attacker could send crafted input to Perl and bypass intended restrictions ...

Debian Bug report logs - #644169 libapache2-mod-perl2: PerlOptions -Sections not permitted in server config, but should be. Package: libapache2-mod-perl2; Maintainer for libapache2-mod-perl2 is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libapache2-mod-perl2 is src:libapache2-mod-perl2 (PTS, buildd, p ...

Debian Bug report logs - #606370 CVE-2010-2761 CVE-2010-4410 CVE-2010-4411. Package: libcgi-pm-perl; Maintainer for libcgi-pm-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libcgi-pm-perl is src:libcgi-pm-perl (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org> ...

References

CWE-94
https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
http://openwall.com/lists/oss-security/2010/12/01/1
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
http://openwall.com/lists/oss-security/2010/12/01/2
http://openwall.com/lists/oss-security/2010/12/01/3
https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://osvdb.org/69588
http://osvdb.org/69589
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.vupen.com/english/advisories/2011/0076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
http://secunia.com/advisories/42877
https://bugzilla.mozilla.org/show_bug.cgi?id=591165
http://www.vupen.com/english/advisories/2011/0207
http://www.bugzilla.org/security/3.2.9/
http://secunia.com/advisories/43033
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
http://secunia.com/advisories/43147
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
http://www.vupen.com/english/advisories/2011/0249
http://www.vupen.com/english/advisories/2011/0271
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://www.vupen.com/english/advisories/2011/0212
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43165
http://secunia.com/advisories/43068
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://access.redhat.com/errata/RHSA-2011:1797
https://usn.ubuntu.com/1129-1/
https://nvd.nist.gov