Launchpad CVE tracker

CVE 2010-4410

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

Related bugs and status

CVE-2010-4410 (Candidate) is related to these bugs:

Bug #703423: Sync libcgi-simple-perl 1.111-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	703423	Sync libcgi-simple-perl 1.111-2 (universe) from Debian unstable (main)		libcgi-simple-perl (Ubuntu)	Wishlist	Fix Released

Bug #704391: Merge perl 5.10.1-17 (main) from Debian unstable (main)

Summary				In	Importance	Status
	704391	Merge perl 5.10.1-17 (main) from Debian unstable (main)		perl (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2010120...
MLIST: [oss-security] 2010120...
MLIST: [oss-security] 2010120...
CONFIRM: http://cpansearch.perl...
CONFIRM: http://perl5.git.perl....
CONFIRM: http://perl5.git.perl....
CONFIRM: http://www.nntp.perl.o...
BID: 45145
MANDRIVA: MDVSA-2010:252
VUPEN: ADV-2010-3230
MANDRIVA: MDVSA-2010:237
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2011-0631
FEDORA: FEDORA-2011-0653
BID: 44199
SECUNIA: 43147
VUPEN: ADV-2011-0249
SUSE: SUSE-SR:2011:002
SECUNIA: 43068
VUPEN: ADV-2011-0212
REDHAT: RHSA-2011:1797
SUSE: SUSE-SR:2011:005
CONFIRM: http://kb.juniper.net/...
CONFIRM: http://kb.juniper.net/...

Launchpad.net

CVE 2010-4410

Related bugs and status

Related bugs

References