CVE-2012-5526: Improper Input Validation in Libcgi-pm-perl

Severity: 5.0 MEDIUM (NVD)
EPSS: 1.7% (top 17.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Nov 21
Latest update: May 17

Description

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (6 packages)

debian | debian/perl | < libcgi-pm-perl 3.61-2 (bookworm)
debian | debian/libcgi-pm-perl | < libcgi-pm-perl 3.61-2 (bookworm)
debian | debian/libdancer-perl | < libdancer-perl 1.3114+dfsg-1 (bookworm)
Debian | perl/perl | < 5.14.2-16+3
NVD | dancer/dancer | 1.3113+9

🔴 Vulnerability Details (4)

GHSA (2022-05-17)
GHSA-cqwv-qc24-9rvm: CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie
GHSA (2022-05-17)
GHSA-9x3m-wmpr-vc58: CGI
OSV (2014-05-30)
CVE-2012-5572: CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie
OSV (2012-11-21)
CVE-2012-5526: CGI

📋 Vendor Advisories (4)

Ubuntu (2012-11-30)
Perl vulnerabilities
Red Hat (2012-11-12)
perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Debian (2012)
CVE-2012-5526: libcgi-pm-perl - CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-...
Debian (2012)
CVE-2012-5572: libdancer-perl - CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Danc...

💬 Community (3)

Bugzilla (2012-11-26)
CVE-2012-5572 perl-Dancer: Newline injection due to improper CRLF escaping in cookie() and cookies() methods
Bugzilla (2012-11-15)
CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Bugzilla (2012-02-28)
CVE-2012-1090 kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount