CGI.pm module prior to 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote malicious users to inject arbitrary headers into responses from applications that use CGI.pm.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
andy armstrong cgi.pm |