CVE-2010-4410 — Code Injection in CGI Simple
Severity
7.3 HIGH NVD
NVD 4.3, OSV 4.3
EPSS
0.8%
top 25.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 6
Latest update: Aug 29
Description
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
CVSS vector
AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 7 packages
Vulnerability Details (4)
Vendor Advisories (5)
Debian
CVE-2025-40927: libcgi-simple-perl - CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw Th... (2025)
Red Hat
perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting (2010-11-10)
Debian
CVE-2010-4410: libcgi-pm-perl - CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 an... (2010)
Community (4)
Bugzilla
perl-CGI, perl-CGI-Simple: CVE-2010-2761 - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting [fedora-all] (2011-10-05)
Bugzilla
perl-CGI, perl-CGI-Simple: CVE-2010-2761 - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting (2010-12-01)
Bugzilla
perl-CGI-Simple: CVE-2010-2761 -- hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, CVE-2010-4410 -- CRLF injection vulnerability in the header function flaws [fedora-a (2010-12-01)