CVE-2010-4411

2010-12-0620:13:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cgi.pm

vulnerability

http headers

http response splitting

cve-2010-4411

cve-2010-2761

nvd

9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CPENameOperatorVersion
andy_armstrong:cgi.pmandy armstrong cgi.pmeq3.01
andy_armstrong:cgi.pmandy armstrong cgi.pmeq3.24
andy_armstrong:cgi.pmandy armstrong cgi.pmeq2.49
andy_armstrong:cgi.pmandy armstrong cgi.pmeq3.20
andy_armstrong:cgi.pmandy armstrong cgi.pmeq2.26
andy_armstrong:cgi.pmandy armstrong cgi.pmeq3.05
andy_armstrong:cgi.pmandy armstrong cgi.pmeq2.83
andy_armstrong:cgi.pmandy armstrong cgi.pmeq3.42
andy_armstrong:cgi.pmandy armstrong cgi.pmeq2.45
andy_armstrong:cgi.pmandy armstrong cgi.pmeq2.44

CPE	Name	Operator	Version
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	3.01
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	3.24
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	2.49
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	3.20
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	2.26
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	3.05
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	2.83
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	3.42
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	2.45
andy_armstrong:cgi.pm	andy armstrong cgi.pm	eq	2.44