Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-4410
HistoryDec 06, 2010 - 12:00 a.m.

CVE-2010-4410

2010-12-0600:00:00
ubuntu.com
ubuntu.com
10

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.008

Percentile

81.8%

CRLF injection vulnerability in the header function in (1) CGI.pm before
3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote
attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via vectors related to non-whitespace characters preceded
by newline characters, a different vulnerability than CVE-2010-2761 and
CVE-2010-3172.

Bugs

Notes

Author Note
mdeslaur debian fix in perl is cgi-multiline-header.diff
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchperl< 5.8.7-10ubuntu1.3UNKNOWN
ubuntu8.04noarchperl< 5.8.8-12ubuntu0.5UNKNOWN
ubuntu10.04noarchperl< 5.10.1-8ubuntu2.1UNKNOWN
ubuntu10.10noarchperl< 5.10.1-12ubuntu2.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.008

Percentile

81.8%