Back to search
CVE-2010-4410
Published: Dec 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2011:1797
vendor-advisory
x_refsource_REDHAT
FEDORA-2011-0653
vendor-advisory
x_refsource_FEDORA
43068
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0212
vdb-entry
x_refsource_VUPEN
MDVSA-2010:252
vendor-advisory
x_refsource_MANDRIVA
44199
vdb-entry
x_refsource_BID
SUSE-SR:2011:005
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=658970
x_refsource_CONFIRM
SUSE-SR:2011:002
vendor-advisory
x_refsource_SUSE
ADV-2010-3230
vdb-entry
x_refsource_VUPEN
ADV-2011-0249
vdb-entry
x_refsource_VUPEN
45145
vdb-entry
x_refsource_BID
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
x_refsource_CONFIRM
MDVSA-2010:237
vendor-advisory
x_refsource_MANDRIVA
http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
x_refsource_CONFIRM
FEDORA-2011-0631
vendor-advisory
x_refsource_FEDORA
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
43147
third-party-advisory
x_refsource_SECUNIA
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now