CVE-2010-4410

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-4410
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2010/12/01/1 Patch
http://openwall.com/lists/oss-security/2010/12/01/2 Patch
http://openwall.com/lists/oss-security/2010/12/01/3 Patch
http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm Patch
http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1 Patch
http://secunia.com/advisories/43068
http://secunia.com/advisories/43147
http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.mandriva.com/security/advisories?name=MDVSA-2010:252
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html Patch
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://www.securityfocus.com/bid/44199
http://www.securityfocus.com/bid/45145
http://www.vupen.com/english/advisories/2010/3230
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0249
https://bugzilla.redhat.com/show_bug.cgi?id=658970
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:andy_armstrong:cgi.pm:*:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.4:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.42:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.43:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.44:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.45:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.50:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.51:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.52:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.53:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.54:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.55:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.56:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:1.57:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.01:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.13:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.14:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.15:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.16:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.17:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.18:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.19:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.20:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.21:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.22:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.23:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.24:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.25:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.26:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.27:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.28:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.29:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.30:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.31:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.32:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.33:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.34:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.35:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.36:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.37:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.38:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.39:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.40:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.41:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.42:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.43:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.44:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.45:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.46:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.47:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.48:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.49:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.50:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.51:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.52:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.53:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.54:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.55:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.56:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.57:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.58:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.59:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.60:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.61:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.62:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.63:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.64:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.65:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.66:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.67:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.68:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.69:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.70:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.71:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.72:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.73:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.74:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.75:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.76:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.77:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.78:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.79:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.80:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.81:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.82:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.83:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.84:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.85:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.86:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.87:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.88:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.89:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.90:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.91:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.92:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.93:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.94:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.95:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.96:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.97:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.98:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.99:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.751:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:2.752:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.00:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.01:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.02:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.03:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.04:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.05:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.06:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.07:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.08:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.09:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.10:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.11:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.12:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.13:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.14:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.15:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.16:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.17:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.18:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.19:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.20:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.21:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.22:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.23:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.24:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.25:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.26:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.27:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.28:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.29:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.30:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.31:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.32:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.33:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.34:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.35:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.36:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.37:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.38:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.39:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.40:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.41:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.42:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.43:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.44:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.45:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.46:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.47:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi.pm:3.48:*:*:*:*:*:*:*
OR cpe:2.3:a:andy_armstrong:cgi-simple:*:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.078:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.079:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.080:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.081:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.082:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:0.83:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.0:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.103:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.104:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.105:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.106:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.107:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.108:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.109:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.110:*:*:*:*:*:*:*
cpe:2.3:a:andy_armstrong:cgi-simple:1.111:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-12-06 20:13

Updated : 2024-02-28 11:41

NVD link : CVE-2010-4410

Mitre link : CVE-2010-4410

CVE.ORG link : CVE-2010-4410

JSON object : View

Products Affected

andy_armstrong

  • cgi-simple
  • cgi.pm
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024