CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-2586-1 | perl security update |
Debian DSA |
DSA-2587-1 | libcgi-pm-perl security update |
EUVD |
EUVD-2012-5418 | CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. |
Ubuntu USN |
USN-1643-1 | Perl vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T21:05:47.348Z
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5526
No data.
Status : Deferred
Published: 2012-11-21T23:55:02.367
Modified: 2025-04-11T00:51:21.963
Link: CVE-2012-5526
OpenCVE Enrichment
No data.
Debian DSA
EUVD
Ubuntu USN