47 matches found
CVE-2010-2761
The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...
CVE-2010-4410
CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...
CVE-2010-4410
CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...
CVE-2010-4410
CGI.pm (before 3.50) and CGI::Simple (1.112 and earlier) expose a CRLF injection in the header function that allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via non-whitespace characters that follow newline characters. This is a separate issue from CVE...
CVE-2010-2761
CVE-2010-2761 affects CGI.pm (before 3.50) and CGI::Simple (CGI::Simple 1.112 and earlier). The multipart_init function uses a hardcoded MIME boundary in multipart/x-mixed-replace, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via crafted input. Re...
CVE-2010-2761
The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...
CVE-2010-4410
CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...