Lucene search

[email protected]CVE-2011-2766

HistorySep 23, 2011 - 10:55 a.m.

CVE-2011-2766

2011-09-2310:55:03

CWE-287

[email protected]

web.nvd.nist.gov

fcgi

fast cgi

perl

authentication bypass

cve-2011-2766

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

Affected configurations

NVD

Node

fast_cgi_projectfast_cgiRange0.70–0.73perl

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

CPENameOperatorVersion
fast_cgi_project:fast_cgifast cgi project fast cgile0.73

CPE	Name	Operator	Version
fast_cgi_project:fast_cgi	fast cgi project fast cgi	le	0.73

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479

www.debian.org/security/2011/dsa-2327

www.mandriva.com/security/advisories?name=MDVSA-2012:001

www.openwall.com/lists/oss-security/2011/09/08/1

www.openwall.com/lists/oss-security/2011/09/08/2

www.securityfocus.com/bid/49549

bugzilla.redhat.com/show_bug.cgi?id=736604

exchange.xforce.ibmcloud.com/vulnerabilities/69709

hermes.opensuse.org/messages/13154637

hermes.opensuse.org/messages/13155253

rt.cpan.org/Public/Bug/Display.html?id=68380

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2011-2766

nessus10 openvas11 ubuntucve1 debiancve1 amazon1 debian1 prion1 cvelist1 fedora3 nvd1