CVE-2010-4410

2010-12-0620:13:00

CWE-94

[email protected]

web.nvd.nist.gov

crlf injection

cgi.pm

cgi::simple

http response splitting

cve-2010-4410

vulnerability

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.9%

JSON

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

CPENameOperatorVersion
andy_armstrong:cgi.pmandy armstrong cgi.pmle3.49
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.4
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.42
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.43
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.44
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.45
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.50
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.51
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.52
andy_armstrong:cgi.pmandy armstrong cgi.pmeq1.53

CPE	Name	Operator	Version
andy_armstrong:cgi.pm	andy armstrong cgi.pm	le	3.49
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.4
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.42
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.43
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.44
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.45
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.50
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.51
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.52
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	1.53