5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
Integrity Impact
PARTIAL
Availability Impact
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.2%
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
www.openwall.com/lists/oss-security/2012/11/15/4
launchpad.net/bugs/cve/CVE-2012-5526
nvd.nist.gov/vuln/detail/CVE-2012-5526
security-tracker.debian.org/tracker/CVE-2012-5526
ubuntu.com/security/notices/USN-1643-1
www.cve.org/CVERecord?id=CVE-2012-5526