
CVE-2012-5526

Published: 21/11/2012 Updated: 29/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 540
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The CGI.pm module prior to 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote malicious users to inject arbitrary headers into responses from applications that use CGI.pm.

Vulnerable Product

andy armstrong cgi.pm

Vendor Advisories

Synopsis: Moderate: perl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Perl programs could be made to crash or run programs if they receive specially crafted network traffic or other input ...
Debian Bug report logs - #694279 libdancer-perl: CVE-2012-5572: Cookie name CRLF injection. Package: libdancer-perl; Maintainer for libdancer-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libdancer-perl is src:libdancer-perl (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <car ...
Debian Bug report logs - #689314 perl: segfaults when echoing a very long string [CVE-2012-5195]. Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl (PTS, buildd, popcon). Reported by: Thorsten Glaser <tg@mirbsd.de>. Date: Mon, 1 Oct 2012 14:12:01 UTC. Severity: grave. Tags: ...
Debian Bug report logs - #693420 CVE-2012-5526 CGI.pm: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers. Package: perl-modules; Maintainer for perl-modules is Niko Tyni <ntyni@debian.org>; Source for perl-modules is src:perl (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <carnil@debian ...
Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195: The x operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526: The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers. In addition, this update adds a ...
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. For the stable distribution (squeeze), this problem has been fixed in version 3.49-1squeeze2. For the unstable distribution (sid), this problem has been fixed in version 3.61-2. We re ...
A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way ...