CVE-2010-4411 — Code Injection in Libcgi-pm-perl

CWE-94 — Code Injection8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 21.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Libcgi-pm-perl Debian Libcgi-simple-perl +3 more

Timeline

PublishedDec 6

Latest updateMay 17

Description

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

▶debiandebian/perl< libcgi-pm-perl 3.51-1 (bookworm)

▶debiandebian/libcgi-pm-perl< libcgi-pm-perl 3.51-1 (bookworm)

▶debiandebian/libcgi-simple-perl< libcgi-pm-perl 3.51-1 (bookworm)

▶Debianperl/perl< 5.10.1-17+3

▶NVDmozilla/bugzilla3.2.9+97

🔴Vulnerability Details

GHSA

GHSA-93g6-7v2r-h2r4: CRLF injection vulnerability in chart↗2022-05-17

▶

GHSA

GHSA-wj7r-99wr-72wm: Unspecified vulnerability in CGI↗2022-05-17

▶

OSV

CVE-2010-4411: Unspecified vulnerability in CGI↗2010-12-06

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2011-05-03

▶

Debian

CVE-2010-4411: libcgi-pm-perl - Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to ...↗2010

▶

💬Community

Bugzilla

bugzilla: multiple security issues↗2011-01-26

▶