CVE-2012-5572 — Improper Input Validation in Dancer

CWE-20 — Improper Input Validation6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 33.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libdancer-perl Dancer

Timeline

PublishedMay 30

Latest updateMay 17

Description

CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/libdancer-perl< libdancer-perl 1.3114+dfsg-1 (bookworm)

▶NVDdancer/dancer1.3113+9

🔴Vulnerability Details

GHSA

GHSA-cqwv-qc24-9rvm: CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie↗2022-05-17

▶

OSV

CVE-2012-5572: CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie↗2014-05-30

▶

📋Vendor Advisories

Debian

CVE-2012-5572: libdancer-perl - CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Danc...↗2012

▶

💬Community

Bugzilla

CVE-2012-5572 perl-Dancer: Newline injection due to improper CRLF escaping in cookie() and cookies() methods↗2012-11-26

▶

Bugzilla

CVE-2012-5572 perl-Dancer: Newline injection due to improper CRLF escaping in cookie() and cookies() methods [fedora-all]↗2012-11-26

▶