Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2766

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

Related bugs and status

CVE-2011-2766 (Candidate) is related to these bugs:

Bug #863678: [CVE-2011-2766] authentication bypass

Summary				In	Importance	Status
	863678	[CVE-2011-2766] authentication bypass		libfcgi-perl (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011090...
MLIST: [oss-security] 2011090...
CONFIRM: http://bugs.debian.org...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://rt.cpan.org/Pu...
BID: 49549
DEBIAN: DSA-2327
MANDRIVA: MDVSA-2012:001
SUSE: openSUSE-SU-2012:0004
SUSE: openSUSE-SU-2012:0036
XF: perlfast-cgi-security-...