CVE-2010-4411 - OpenCVE

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Andy Armstrong	Cgi.pm

Configuration 1 [-]

OR	cpe:2.3:a:andy_armstrong:cgi.pm::::::::
	cpe:2.3:a:andy_armstrong:cgi.pm:1.4:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.42:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.43:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.44:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.45:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.50:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.51:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.52:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.53:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.54:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.55:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.56:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:1.57:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.0:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.01:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.13:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.14:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.15:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.16:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.17:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.18:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.19:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.20:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.21:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.22:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.23:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.24:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.25:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.26:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.27:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.28:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.29:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.30:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.31:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.32:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.33:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.34:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.35:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.36:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.37:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.38:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.39:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.40:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.41:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.42:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.43:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.44:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.45:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.46:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.47:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.48:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.49:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.50:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.51:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.52:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.53:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.54:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.55:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.56:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.57:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.58:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.59:::::::*
	cpe:2.3:a:andy_armstrong:cgi.pm:2.60:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.61:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.62:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.63:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.64:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.65:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.66:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.67:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.68:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.69:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.70:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.71:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.72:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.73:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.74:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.75:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.76:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.77:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.78:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.79:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.80:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.81:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.82:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.83:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.84:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.85:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.86:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.87:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.88:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.89:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.90:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.91:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.92:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.93:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.94:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.95:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.96:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.97:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.98:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.99:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.751:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.752:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.00:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.01:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.02:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.03:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.04:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.05:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.06:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.07:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.08:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.09:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.10:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.11:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.12:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.13:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.14:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.15:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.16:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.17:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.18:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.19:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.20:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.21:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.22:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.23:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.24:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.25:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.26:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.27:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.28:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.29:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.30:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.31:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.32:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.33:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.34:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.35:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.36:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.37:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.38:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.39:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.40:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.41:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.46:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.47:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.48:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.49:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2010/12/01/3
http://secunia.com/advisories/43033
http://secunia.com/advisories/43068
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
http://www.vupen.com/english/advisories/2011/0106
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0271
https://bugzilla.mozilla.org/show_bug.cgi?id=591165

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-06T20:00:00

Updated: 2024-08-07T03:43:14.919Z

Reserved: 2010-12-06T00:00:00

Link: CVE-2010-4411

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-12-06T20:13:00.670

Modified: 2014-02-12T04:24:14.830

Link: CVE-2010-4411

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object