Lucene search

K
f5F5F5:K55423848
HistorySep 13, 2017 - 12:00 a.m.

K55423848 : CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410

2017-09-1300:00:00
my.f5.com
50

AI Score

9

Confidence

High

EPSS

0.008

Percentile

81.8%

Security Advisory Description

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

Impact

There is no impact; F5 products are not affected by this vulnerability.