Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2761
HistoryDec 06, 2010 - 12:00 a.m.

CVE-2010-2761

2010-12-0600:00:00
ubuntu.com
ubuntu.com
14

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.008

Percentile

81.8%

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in
CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary
string in multipart/x-mixed-replace content, which allows remote attackers
to inject arbitrary HTTP headers and conduct HTTP response splitting
attacks via crafted input that contains this value, a different
vulnerability than CVE-2010-3172.

Notes

Author Note
mdeslaur debian fix in perl is cgi-multiline-header.diff
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchperl< 5.8.7-10ubuntu1.3UNKNOWN
ubuntu8.04noarchperl< 5.8.8-12ubuntu0.5UNKNOWN
ubuntu10.04noarchperl< 5.10.1-8ubuntu2.1UNKNOWN
ubuntu10.10noarchperl< 5.10.1-12ubuntu2.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.008

Percentile

81.8%