Lucene search

PRIOn knowledge basePRION:CVE-2011-2766

HistorySep 23, 2011 - 10:55 a.m.

Authentication flaw

2011-09-2310:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

CPENameOperatorVersion
debian_linuxeq5.0
debian_linuxeq7.0
debian_linuxeq6.0
fast_cgige0.70
fast_cgile0.73

Name	Operator	Version
debian_linux	eq	5.0
debian_linux	eq	7.0
debian_linux	eq	6.0
fast_cgi	ge	0.70
fast_cgi	le	0.73

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479

www.debian.org/security/2011/dsa-2327

www.mandriva.com/security/advisories?name=MDVSA-2012:001

www.openwall.com/lists/oss-security/2011/09/08/1

www.openwall.com/lists/oss-security/2011/09/08/2

www.securityfocus.com/bid/49549

bugzilla.redhat.com/show_bug.cgi?id=736604

exchange.xforce.ibmcloud.com/vulnerabilities/69709

hermes.opensuse.org/messages/13154637

hermes.opensuse.org/messages/13155253

rt.cpan.org/Public/Bug/Display.html?id=68380