Lucene search

K
cveRedhatCVE-2012-5526
HistoryNov 21, 2012 - 11:55 p.m.

CVE-2012-5526

2012-11-2123:55:02
CWE-16
redhat
web.nvd.nist.gov
68
cgi.pm
perl
cve-2012-5526
security vulnerability
remote attack

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.008

Percentile

81.5%

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Affected configurations

Nvd
Node
andy_armstrongcgi.pmRange3.62
VendorProductVersionCPE
andy_armstrongcgi.pm*cpe:2.3:a:andy_armstrong:cgi.pm:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.008

Percentile

81.5%