Lucene search

K
nvd[email protected]NVD:CVE-2010-2761
HistoryDec 06, 2010 - 8:12 p.m.

CVE-2010-2761

2010-12-0620:12:58
CWE-94
web.nvd.nist.gov
1

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

9.1

Confidence

High

EPSS

0.008

Percentile

81.8%

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

Affected configurations

NVD
Node
andy_armstrongcgi.pmRange3.49
OR
andy_armstrongcgi.pmMatch1.4
OR
andy_armstrongcgi.pmMatch1.42
OR
andy_armstrongcgi.pmMatch1.43
OR
andy_armstrongcgi.pmMatch1.44
OR
andy_armstrongcgi.pmMatch1.45
OR
andy_armstrongcgi.pmMatch1.50
OR
andy_armstrongcgi.pmMatch1.51
OR
andy_armstrongcgi.pmMatch1.52
OR
andy_armstrongcgi.pmMatch1.53
OR
andy_armstrongcgi.pmMatch1.54
OR
andy_armstrongcgi.pmMatch1.55
OR
andy_armstrongcgi.pmMatch1.56
OR
andy_armstrongcgi.pmMatch1.57
OR
andy_armstrongcgi.pmMatch2.0
OR
andy_armstrongcgi.pmMatch2.01
OR
andy_armstrongcgi.pmMatch2.13
OR
andy_armstrongcgi.pmMatch2.14
OR
andy_armstrongcgi.pmMatch2.15
OR
andy_armstrongcgi.pmMatch2.16
OR
andy_armstrongcgi.pmMatch2.17
OR
andy_armstrongcgi.pmMatch2.18
OR
andy_armstrongcgi.pmMatch2.19
OR
andy_armstrongcgi.pmMatch2.20
OR
andy_armstrongcgi.pmMatch2.21
OR
andy_armstrongcgi.pmMatch2.22
OR
andy_armstrongcgi.pmMatch2.23
OR
andy_armstrongcgi.pmMatch2.24
OR
andy_armstrongcgi.pmMatch2.25
OR
andy_armstrongcgi.pmMatch2.26
OR
andy_armstrongcgi.pmMatch2.27
OR
andy_armstrongcgi.pmMatch2.28
OR
andy_armstrongcgi.pmMatch2.29
OR
andy_armstrongcgi.pmMatch2.30
OR
andy_armstrongcgi.pmMatch2.31
OR
andy_armstrongcgi.pmMatch2.32
OR
andy_armstrongcgi.pmMatch2.33
OR
andy_armstrongcgi.pmMatch2.34
OR
andy_armstrongcgi.pmMatch2.35
OR
andy_armstrongcgi.pmMatch2.36
OR
andy_armstrongcgi.pmMatch2.37
OR
andy_armstrongcgi.pmMatch2.38
OR
andy_armstrongcgi.pmMatch2.39
OR
andy_armstrongcgi.pmMatch2.40
OR
andy_armstrongcgi.pmMatch2.41
OR
andy_armstrongcgi.pmMatch2.42
OR
andy_armstrongcgi.pmMatch2.43
OR
andy_armstrongcgi.pmMatch2.44
OR
andy_armstrongcgi.pmMatch2.45
OR
andy_armstrongcgi.pmMatch2.46
OR
andy_armstrongcgi.pmMatch2.47
OR
andy_armstrongcgi.pmMatch2.48
OR
andy_armstrongcgi.pmMatch2.49
OR
andy_armstrongcgi.pmMatch2.50
OR
andy_armstrongcgi.pmMatch2.51
OR
andy_armstrongcgi.pmMatch2.52
OR
andy_armstrongcgi.pmMatch2.53
OR
andy_armstrongcgi.pmMatch2.54
OR
andy_armstrongcgi.pmMatch2.55
OR
andy_armstrongcgi.pmMatch2.56
OR
andy_armstrongcgi.pmMatch2.57
OR
andy_armstrongcgi.pmMatch2.58
OR
andy_armstrongcgi.pmMatch2.59
OR
andy_armstrongcgi.pmMatch2.60
OR
andy_armstrongcgi.pmMatch2.61
OR
andy_armstrongcgi.pmMatch2.62
OR
andy_armstrongcgi.pmMatch2.63
OR
andy_armstrongcgi.pmMatch2.64
OR
andy_armstrongcgi.pmMatch2.65
OR
andy_armstrongcgi.pmMatch2.66
OR
andy_armstrongcgi.pmMatch2.67
OR
andy_armstrongcgi.pmMatch2.68
OR
andy_armstrongcgi.pmMatch2.69
OR
andy_armstrongcgi.pmMatch2.70
OR
andy_armstrongcgi.pmMatch2.71
OR
andy_armstrongcgi.pmMatch2.72
OR
andy_armstrongcgi.pmMatch2.73
OR
andy_armstrongcgi.pmMatch2.74
OR
andy_armstrongcgi.pmMatch2.75
OR
andy_armstrongcgi.pmMatch2.76
OR
andy_armstrongcgi.pmMatch2.77
OR
andy_armstrongcgi.pmMatch2.78
OR
andy_armstrongcgi.pmMatch2.79
OR
andy_armstrongcgi.pmMatch2.80
OR
andy_armstrongcgi.pmMatch2.81
OR
andy_armstrongcgi.pmMatch2.82
OR
andy_armstrongcgi.pmMatch2.83
OR
andy_armstrongcgi.pmMatch2.84
OR
andy_armstrongcgi.pmMatch2.85
OR
andy_armstrongcgi.pmMatch2.86
OR
andy_armstrongcgi.pmMatch2.87
OR
andy_armstrongcgi.pmMatch2.88
OR
andy_armstrongcgi.pmMatch2.89
OR
andy_armstrongcgi.pmMatch2.90
OR
andy_armstrongcgi.pmMatch2.91
OR
andy_armstrongcgi.pmMatch2.92
OR
andy_armstrongcgi.pmMatch2.93
OR
andy_armstrongcgi.pmMatch2.94
OR
andy_armstrongcgi.pmMatch2.95
OR
andy_armstrongcgi.pmMatch2.96
OR
andy_armstrongcgi.pmMatch2.97
OR
andy_armstrongcgi.pmMatch2.98
OR
andy_armstrongcgi.pmMatch2.99
OR
andy_armstrongcgi.pmMatch2.751
OR
andy_armstrongcgi.pmMatch2.752
OR
andy_armstrongcgi.pmMatch3.00
OR
andy_armstrongcgi.pmMatch3.01
OR
andy_armstrongcgi.pmMatch3.02
OR
andy_armstrongcgi.pmMatch3.03
OR
andy_armstrongcgi.pmMatch3.04
OR
andy_armstrongcgi.pmMatch3.05
OR
andy_armstrongcgi.pmMatch3.06
OR
andy_armstrongcgi.pmMatch3.07
OR
andy_armstrongcgi.pmMatch3.08
OR
andy_armstrongcgi.pmMatch3.09
OR
andy_armstrongcgi.pmMatch3.10
OR
andy_armstrongcgi.pmMatch3.11
OR
andy_armstrongcgi.pmMatch3.12
OR
andy_armstrongcgi.pmMatch3.13
OR
andy_armstrongcgi.pmMatch3.14
OR
andy_armstrongcgi.pmMatch3.15
OR
andy_armstrongcgi.pmMatch3.16
OR
andy_armstrongcgi.pmMatch3.17
OR
andy_armstrongcgi.pmMatch3.18
OR
andy_armstrongcgi.pmMatch3.19
OR
andy_armstrongcgi.pmMatch3.20
OR
andy_armstrongcgi.pmMatch3.21
OR
andy_armstrongcgi.pmMatch3.22
OR
andy_armstrongcgi.pmMatch3.23
OR
andy_armstrongcgi.pmMatch3.24
OR
andy_armstrongcgi.pmMatch3.25
OR
andy_armstrongcgi.pmMatch3.26
OR
andy_armstrongcgi.pmMatch3.27
OR
andy_armstrongcgi.pmMatch3.28
OR
andy_armstrongcgi.pmMatch3.29
OR
andy_armstrongcgi.pmMatch3.30
OR
andy_armstrongcgi.pmMatch3.31
OR
andy_armstrongcgi.pmMatch3.32
OR
andy_armstrongcgi.pmMatch3.33
OR
andy_armstrongcgi.pmMatch3.34
OR
andy_armstrongcgi.pmMatch3.35
OR
andy_armstrongcgi.pmMatch3.36
OR
andy_armstrongcgi.pmMatch3.37
OR
andy_armstrongcgi.pmMatch3.38
OR
andy_armstrongcgi.pmMatch3.39
OR
andy_armstrongcgi.pmMatch3.40
OR
andy_armstrongcgi.pmMatch3.41
OR
andy_armstrongcgi.pmMatch3.42
OR
andy_armstrongcgi.pmMatch3.43
OR
andy_armstrongcgi.pmMatch3.44
OR
andy_armstrongcgi.pmMatch3.45
OR
andy_armstrongcgi.pmMatch3.46
OR
andy_armstrongcgi.pmMatch3.47
OR
andy_armstrongcgi.pmMatch3.48
AND
andy_armstrongcgi-simpleRange1.112
OR
andy_armstrongcgi-simpleMatch0.078
OR
andy_armstrongcgi-simpleMatch0.079
OR
andy_armstrongcgi-simpleMatch0.080
OR
andy_armstrongcgi-simpleMatch0.081
OR
andy_armstrongcgi-simpleMatch0.082
OR
andy_armstrongcgi-simpleMatch0.83
OR
andy_armstrongcgi-simpleMatch1.0
OR
andy_armstrongcgi-simpleMatch1.1
OR
andy_armstrongcgi-simpleMatch1.1.1
OR
andy_armstrongcgi-simpleMatch1.1.2
OR
andy_armstrongcgi-simpleMatch1.103
OR
andy_armstrongcgi-simpleMatch1.104
OR
andy_armstrongcgi-simpleMatch1.105
OR
andy_armstrongcgi-simpleMatch1.106
OR
andy_armstrongcgi-simpleMatch1.107
OR
andy_armstrongcgi-simpleMatch1.108
OR
andy_armstrongcgi-simpleMatch1.109
OR
andy_armstrongcgi-simpleMatch1.110
OR
andy_armstrongcgi-simpleMatch1.111

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

9.1

Confidence

High

EPSS

0.008

Percentile

81.8%