MidnightBSD

Advisories for andy_armstrong

CVE-2010-2761 MEDIUM

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94

Products Affected

Vendor Product Version
andy_armstrong cgi-simple 0.080
andy_armstrong cgi.pm 2.47
andy_armstrong cgi.pm 2.41
andy_armstrong cgi.pm 2.34
andy_armstrong cgi.pm 1.52
andy_armstrong cgi-simple *
andy_armstrong cgi.pm 3.38
andy_armstrong cgi.pm 2.0
andy_armstrong cgi.pm 2.84
andy_armstrong cgi.pm 2.33
andy_armstrong cgi.pm 2.94
andy_armstrong cgi.pm 3.04
andy_armstrong cgi.pm 3.29
andy_armstrong cgi.pm 2.44
andy_armstrong cgi-simple 0.079
andy_armstrong cgi.pm 2.92
andy_armstrong cgi.pm 3.28
andy_armstrong cgi-simple 1.111
andy_armstrong cgi.pm *
andy_armstrong cgi.pm 3.19
andy_armstrong cgi.pm 2.51
andy_armstrong cgi.pm 1.4
andy_armstrong cgi.pm 2.35
andy_armstrong cgi-simple 1.1.1
andy_armstrong cgi.pm 1.54
andy_armstrong cgi.pm 2.74
andy_armstrong cgi.pm 2.25
andy_armstrong cgi.pm 2.83
andy_armstrong cgi.pm 2.52
andy_armstrong cgi.pm 2.86
andy_armstrong cgi.pm 3.16
andy_armstrong cgi.pm 3.17
andy_armstrong cgi.pm 2.38
andy_armstrong cgi.pm 2.97
andy_armstrong cgi.pm 2.89
andy_armstrong cgi.pm 2.93
andy_armstrong cgi.pm 3.34
andy_armstrong cgi.pm 2.60
andy_armstrong cgi.pm 1.50
andy_armstrong cgi.pm 3.45
andy_armstrong cgi.pm 3.48
andy_armstrong cgi.pm 2.64
andy_armstrong cgi.pm 2.56
andy_armstrong cgi.pm 3.02
andy_armstrong cgi-simple 1.103
andy_armstrong cgi.pm 2.99
andy_armstrong cgi.pm 3.39
andy_armstrong cgi-simple 1.108
andy_armstrong cgi.pm 3.03
andy_armstrong cgi-simple 1.110
andy_armstrong cgi.pm 3.47
andy_armstrong cgi.pm 2.13
andy_armstrong cgi.pm 3.10
andy_armstrong cgi.pm 3.13
andy_armstrong cgi.pm 2.14
andy_armstrong cgi.pm 2.75
andy_armstrong cgi.pm 2.81
andy_armstrong cgi.pm 2.54
andy_armstrong cgi.pm 3.44
andy_armstrong cgi.pm 2.40
andy_armstrong cgi.pm 3.22
andy_armstrong cgi.pm 3.11
andy_armstrong cgi.pm 2.77
andy_armstrong cgi.pm 2.32
andy_armstrong cgi.pm 2.65
andy_armstrong cgi.pm 2.29
andy_armstrong cgi.pm 3.35
andy_armstrong cgi.pm 1.44
andy_armstrong cgi.pm 3.30
andy_armstrong cgi-simple 0.082
andy_armstrong cgi.pm 2.751
andy_armstrong cgi.pm 2.80
andy_armstrong cgi.pm 2.39
andy_armstrong cgi.pm 3.36
andy_armstrong cgi.pm 2.28
andy_armstrong cgi.pm 2.69
andy_armstrong cgi.pm 2.88
andy_armstrong cgi.pm 2.90
andy_armstrong cgi-simple 1.1
andy_armstrong cgi-simple 1.109
andy_armstrong cgi.pm 2.43
andy_armstrong cgi.pm 2.78
andy_armstrong cgi.pm 2.26
andy_armstrong cgi-simple 0.078
andy_armstrong cgi.pm 2.70
andy_armstrong cgi.pm 2.62
andy_armstrong cgi.pm 3.15
andy_armstrong cgi.pm 2.73
andy_armstrong cgi.pm 3.32
andy_armstrong cgi.pm 2.55
andy_armstrong cgi-simple 0.83
andy_armstrong cgi.pm 2.82
andy_armstrong cgi.pm 3.21
andy_armstrong cgi.pm 2.76
andy_armstrong cgi.pm 3.05
andy_armstrong cgi.pm 3.27
andy_armstrong cgi.pm 2.21
andy_armstrong cgi.pm 2.71
andy_armstrong cgi.pm 3.14
andy_armstrong cgi.pm 2.87
andy_armstrong cgi.pm 2.01
andy_armstrong cgi.pm 2.45
andy_armstrong cgi.pm 3.26
andy_armstrong cgi.pm 2.20
andy_armstrong cgi.pm 2.61
andy_armstrong cgi.pm 3.18
andy_armstrong cgi-simple 1.104
andy_armstrong cgi.pm 1.57
andy_armstrong cgi.pm 2.27
andy_armstrong cgi.pm 2.96
andy_armstrong cgi-simple 1.1.2
andy_armstrong cgi.pm 1.43
andy_armstrong cgi.pm 3.41
andy_armstrong cgi.pm 2.58
andy_armstrong cgi.pm 2.46
andy_armstrong cgi.pm 2.59
andy_armstrong cgi.pm 3.12
andy_armstrong cgi.pm 1.51
andy_armstrong cgi-simple 1.105
andy_armstrong cgi.pm 2.68
andy_armstrong cgi.pm 3.31
andy_armstrong cgi.pm 2.91
andy_armstrong cgi.pm 3.00
andy_armstrong cgi.pm 3.08
andy_armstrong cgi.pm 3.06
andy_armstrong cgi.pm 3.40
andy_armstrong cgi-simple 1.107
andy_armstrong cgi.pm 2.37
andy_armstrong cgi.pm 2.67
andy_armstrong cgi.pm 2.42
andy_armstrong cgi.pm 2.79
andy_armstrong cgi-simple 1.106
andy_armstrong cgi.pm 3.25
andy_armstrong cgi.pm 3.24
andy_armstrong cgi.pm 3.07
andy_armstrong cgi.pm 1.55
andy_armstrong cgi.pm 2.63
andy_armstrong cgi-simple 0.081
andy_armstrong cgi.pm 2.16
andy_armstrong cgi.pm 2.19
andy_armstrong cgi.pm 2.36
andy_armstrong cgi.pm 1.42
andy_armstrong cgi.pm 2.22
andy_armstrong cgi.pm 2.50
andy_armstrong cgi.pm 3.33
andy_armstrong cgi.pm 2.17
andy_armstrong cgi.pm 2.98
andy_armstrong cgi.pm 1.56
andy_armstrong cgi.pm 2.31
andy_armstrong cgi.pm 2.18
andy_armstrong cgi.pm 2.752
andy_armstrong cgi.pm 3.43
andy_armstrong cgi-simple 1.0
andy_armstrong cgi.pm 2.49
andy_armstrong cgi.pm 2.15
andy_armstrong cgi.pm 2.48
andy_armstrong cgi.pm 1.53
andy_armstrong cgi.pm 2.57
andy_armstrong cgi.pm 2.72
andy_armstrong cgi.pm 3.09
andy_armstrong cgi.pm 3.46
andy_armstrong cgi.pm 3.23
andy_armstrong cgi.pm 2.23
andy_armstrong cgi.pm 3.01
andy_armstrong cgi.pm 2.53
andy_armstrong cgi.pm 1.45
andy_armstrong cgi.pm 2.30
andy_armstrong cgi.pm 2.24
andy_armstrong cgi.pm 2.95
andy_armstrong cgi.pm 3.20
andy_armstrong cgi.pm 2.85
andy_armstrong cgi.pm 3.37
andy_armstrong cgi.pm 2.66
andy_armstrong cgi.pm 3.42

CVE-2010-4410 MEDIUM

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94

Products Affected

Vendor Product Version
andy_armstrong cgi-simple 0.080
andy_armstrong cgi.pm 2.47
andy_armstrong cgi.pm 2.41
andy_armstrong cgi.pm 2.34
andy_armstrong cgi.pm 1.52
andy_armstrong cgi-simple *
andy_armstrong cgi.pm 3.38
andy_armstrong cgi.pm 2.0
andy_armstrong cgi.pm 2.84
andy_armstrong cgi.pm 2.33
andy_armstrong cgi.pm 2.94
andy_armstrong cgi.pm 3.04
andy_armstrong cgi.pm 3.29
andy_armstrong cgi.pm 2.44
andy_armstrong cgi-simple 0.079
andy_armstrong cgi.pm 2.92
andy_armstrong cgi.pm 3.28
andy_armstrong cgi-simple 1.111
andy_armstrong cgi.pm *
andy_armstrong cgi.pm 3.19
andy_armstrong cgi.pm 2.51
andy_armstrong cgi.pm 1.4
andy_armstrong cgi.pm 2.35
andy_armstrong cgi-simple 1.1.1
andy_armstrong cgi.pm 1.54
andy_armstrong cgi.pm 2.74
andy_armstrong cgi.pm 2.25
andy_armstrong cgi.pm 2.83
andy_armstrong cgi.pm 2.52
andy_armstrong cgi.pm 2.86
andy_armstrong cgi.pm 3.16
andy_armstrong cgi.pm 3.17
andy_armstrong cgi.pm 2.38
andy_armstrong cgi.pm 2.97
andy_armstrong cgi.pm 2.89
andy_armstrong cgi.pm 2.93
andy_armstrong cgi.pm 3.34
andy_armstrong cgi.pm 2.60
andy_armstrong cgi.pm 1.50
andy_armstrong cgi.pm 3.45
andy_armstrong cgi.pm 3.48
andy_armstrong cgi.pm 2.64
andy_armstrong cgi.pm 2.56
andy_armstrong cgi.pm 3.02
andy_armstrong cgi-simple 1.103
andy_armstrong cgi.pm 2.99
andy_armstrong cgi.pm 3.39
andy_armstrong cgi-simple 1.108
andy_armstrong cgi.pm 3.03
andy_armstrong cgi-simple 1.110
andy_armstrong cgi.pm 3.47
andy_armstrong cgi.pm 2.13
andy_armstrong cgi.pm 3.10
andy_armstrong cgi.pm 3.13
andy_armstrong cgi.pm 2.14
andy_armstrong cgi.pm 2.75
andy_armstrong cgi.pm 2.81
andy_armstrong cgi.pm 2.54
andy_armstrong cgi.pm 3.44
andy_armstrong cgi.pm 2.40
andy_armstrong cgi.pm 3.22
andy_armstrong cgi.pm 3.11
andy_armstrong cgi.pm 2.77
andy_armstrong cgi.pm 2.32
andy_armstrong cgi.pm 2.65
andy_armstrong cgi.pm 2.29
andy_armstrong cgi.pm 3.35
andy_armstrong cgi.pm 1.44
andy_armstrong cgi.pm 3.30
andy_armstrong cgi-simple 0.082
andy_armstrong cgi.pm 2.751
andy_armstrong cgi.pm 2.80
andy_armstrong cgi.pm 2.39
andy_armstrong cgi.pm 3.36
andy_armstrong cgi.pm 2.28
andy_armstrong cgi.pm 2.69
andy_armstrong cgi.pm 2.88
andy_armstrong cgi.pm 2.90
andy_armstrong cgi-simple 1.1
andy_armstrong cgi-simple 1.109
andy_armstrong cgi.pm 2.43
andy_armstrong cgi.pm 2.78
andy_armstrong cgi.pm 2.26
andy_armstrong cgi-simple 0.078
andy_armstrong cgi.pm 2.70
andy_armstrong cgi.pm 2.62
andy_armstrong cgi.pm 3.15
andy_armstrong cgi.pm 2.73
andy_armstrong cgi.pm 3.32
andy_armstrong cgi.pm 2.55
andy_armstrong cgi-simple 0.83
andy_armstrong cgi.pm 2.82
andy_armstrong cgi.pm 3.21
andy_armstrong cgi.pm 2.76
andy_armstrong cgi.pm 3.05
andy_armstrong cgi.pm 3.27
andy_armstrong cgi.pm 2.21
andy_armstrong cgi.pm 2.71
andy_armstrong cgi.pm 3.14
andy_armstrong cgi.pm 2.87
andy_armstrong cgi.pm 2.01
andy_armstrong cgi.pm 2.45
andy_armstrong cgi.pm 3.26
andy_armstrong cgi.pm 2.20
andy_armstrong cgi.pm 2.61
andy_armstrong cgi.pm 3.18
andy_armstrong cgi-simple 1.104
andy_armstrong cgi.pm 1.57
andy_armstrong cgi.pm 2.27
andy_armstrong cgi.pm 2.96
andy_armstrong cgi-simple 1.1.2
andy_armstrong cgi.pm 1.43
andy_armstrong cgi.pm 3.41
andy_armstrong cgi.pm 2.58
andy_armstrong cgi.pm 2.46
andy_armstrong cgi.pm 2.59
andy_armstrong cgi.pm 3.12
andy_armstrong cgi.pm 1.51
andy_armstrong cgi-simple 1.105
andy_armstrong cgi.pm 2.68
andy_armstrong cgi.pm 3.31
andy_armstrong cgi.pm 2.91
andy_armstrong cgi.pm 3.00
andy_armstrong cgi.pm 3.08
andy_armstrong cgi.pm 3.06
andy_armstrong cgi.pm 3.40
andy_armstrong cgi-simple 1.107
andy_armstrong cgi.pm 2.37
andy_armstrong cgi.pm 2.67
andy_armstrong cgi.pm 2.42
andy_armstrong cgi.pm 2.79
andy_armstrong cgi-simple 1.106
andy_armstrong cgi.pm 3.25
andy_armstrong cgi.pm 3.24
andy_armstrong cgi.pm 3.07
andy_armstrong cgi.pm 1.55
andy_armstrong cgi.pm 2.63
andy_armstrong cgi-simple 0.081
andy_armstrong cgi.pm 2.16
andy_armstrong cgi.pm 2.19
andy_armstrong cgi.pm 2.36
andy_armstrong cgi.pm 1.42
andy_armstrong cgi.pm 2.22
andy_armstrong cgi.pm 2.50
andy_armstrong cgi.pm 3.33
andy_armstrong cgi.pm 2.17
andy_armstrong cgi.pm 2.98
andy_armstrong cgi.pm 1.56
andy_armstrong cgi.pm 2.31
andy_armstrong cgi.pm 2.18
andy_armstrong cgi.pm 2.752
andy_armstrong cgi.pm 3.43
andy_armstrong cgi-simple 1.0
andy_armstrong cgi.pm 2.49
andy_armstrong cgi.pm 2.15
andy_armstrong cgi.pm 2.48
andy_armstrong cgi.pm 1.53
andy_armstrong cgi.pm 2.57
andy_armstrong cgi.pm 2.72
andy_armstrong cgi.pm 3.09
andy_armstrong cgi.pm 3.46
andy_armstrong cgi.pm 3.23
andy_armstrong cgi.pm 2.23
andy_armstrong cgi.pm 3.01
andy_armstrong cgi.pm 2.53
andy_armstrong cgi.pm 1.45
andy_armstrong cgi.pm 2.30
andy_armstrong cgi.pm 2.24
andy_armstrong cgi.pm 2.95
andy_armstrong cgi.pm 3.20
andy_armstrong cgi.pm 2.85
andy_armstrong cgi.pm 3.37
andy_armstrong cgi.pm 2.66
andy_armstrong cgi.pm 3.42

CVE-2010-4411 MEDIUM

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
andy_armstrong cgi.pm 2.47
andy_armstrong cgi.pm 2.41
andy_armstrong cgi.pm 2.34
andy_armstrong cgi.pm 1.52
andy_armstrong cgi.pm 3.38
andy_armstrong cgi.pm 2.0
andy_armstrong cgi.pm 2.84
andy_armstrong cgi.pm 2.33
andy_armstrong cgi.pm 2.94
andy_armstrong cgi.pm 3.04
andy_armstrong cgi.pm 3.29
andy_armstrong cgi.pm 2.44
andy_armstrong cgi.pm 2.92
andy_armstrong cgi.pm 3.28
andy_armstrong cgi.pm *
andy_armstrong cgi.pm 3.19
andy_armstrong cgi.pm 2.51
andy_armstrong cgi.pm 1.4
andy_armstrong cgi.pm 2.35
andy_armstrong cgi.pm 1.54
andy_armstrong cgi.pm 2.74
andy_armstrong cgi.pm 2.25
andy_armstrong cgi.pm 2.83
andy_armstrong cgi.pm 2.52
andy_armstrong cgi.pm 2.86
andy_armstrong cgi.pm 3.16
andy_armstrong cgi.pm 3.17
andy_armstrong cgi.pm 2.38
andy_armstrong cgi.pm 2.97
andy_armstrong cgi.pm 2.89
andy_armstrong cgi.pm 2.93
andy_armstrong cgi.pm 3.34
andy_armstrong cgi.pm 2.60
andy_armstrong cgi.pm 1.50
andy_armstrong cgi.pm 3.45
andy_armstrong cgi.pm 3.48
andy_armstrong cgi.pm 2.64
andy_armstrong cgi.pm 2.56
andy_armstrong cgi.pm 3.02
andy_armstrong cgi.pm 2.99
andy_armstrong cgi.pm 3.39
andy_armstrong cgi.pm 3.03
andy_armstrong cgi.pm 3.47
andy_armstrong cgi.pm 2.13
andy_armstrong cgi.pm 3.10
andy_armstrong cgi.pm 3.13
andy_armstrong cgi.pm 2.14
andy_armstrong cgi.pm 2.75
andy_armstrong cgi.pm 2.81
andy_armstrong cgi.pm 2.54
andy_armstrong cgi.pm 3.44
andy_armstrong cgi.pm 2.40
andy_armstrong cgi.pm 3.22
andy_armstrong cgi.pm 3.11
andy_armstrong cgi.pm 2.77
andy_armstrong cgi.pm 2.32
andy_armstrong cgi.pm 2.65
andy_armstrong cgi.pm 2.29
andy_armstrong cgi.pm 3.35
andy_armstrong cgi.pm 1.44
andy_armstrong cgi.pm 3.30
andy_armstrong cgi.pm 2.751
andy_armstrong cgi.pm 2.80
andy_armstrong cgi.pm 2.39
andy_armstrong cgi.pm 3.36
andy_armstrong cgi.pm 2.28
andy_armstrong cgi.pm 2.69
andy_armstrong cgi.pm 2.88
andy_armstrong cgi.pm 2.90
andy_armstrong cgi.pm 2.43
andy_armstrong cgi.pm 2.78
andy_armstrong cgi.pm 2.26
andy_armstrong cgi.pm 2.70
andy_armstrong cgi.pm 2.62
andy_armstrong cgi.pm 3.15
andy_armstrong cgi.pm 2.73
andy_armstrong cgi.pm 3.32
andy_armstrong cgi.pm 2.55
andy_armstrong cgi.pm 2.82
andy_armstrong cgi.pm 3.21
andy_armstrong cgi.pm 2.76
andy_armstrong cgi.pm 3.05
andy_armstrong cgi.pm 3.27
andy_armstrong cgi.pm 2.21
andy_armstrong cgi.pm 2.71
andy_armstrong cgi.pm 3.14
andy_armstrong cgi.pm 2.87
andy_armstrong cgi.pm 2.01
andy_armstrong cgi.pm 2.45
andy_armstrong cgi.pm 3.26
andy_armstrong cgi.pm 2.20
andy_armstrong cgi.pm 2.61
andy_armstrong cgi.pm 3.18
andy_armstrong cgi.pm 1.57
andy_armstrong cgi.pm 2.27
andy_armstrong cgi.pm 2.96
andy_armstrong cgi.pm 1.43
andy_armstrong cgi.pm 3.41
andy_armstrong cgi.pm 2.58
andy_armstrong cgi.pm 2.46
andy_armstrong cgi.pm 2.59
andy_armstrong cgi.pm 3.12
andy_armstrong cgi.pm 1.51
andy_armstrong cgi.pm 2.68
andy_armstrong cgi.pm 3.31
andy_armstrong cgi.pm 2.91
andy_armstrong cgi.pm 3.00
andy_armstrong cgi.pm 3.08
andy_armstrong cgi.pm 3.06
andy_armstrong cgi.pm 3.40
andy_armstrong cgi.pm 2.37
andy_armstrong cgi.pm 2.67
andy_armstrong cgi.pm 2.42
andy_armstrong cgi.pm 2.79
andy_armstrong cgi.pm 3.25
andy_armstrong cgi.pm 3.24
andy_armstrong cgi.pm 3.07
andy_armstrong cgi.pm 1.55
andy_armstrong cgi.pm 2.63
andy_armstrong cgi.pm 2.16
andy_armstrong cgi.pm 2.19
andy_armstrong cgi.pm 2.36
andy_armstrong cgi.pm 1.42
andy_armstrong cgi.pm 2.22
andy_armstrong cgi.pm 2.50
andy_armstrong cgi.pm 3.33
andy_armstrong cgi.pm 2.17
andy_armstrong cgi.pm 2.98
andy_armstrong cgi.pm 1.56
andy_armstrong cgi.pm 2.31
andy_armstrong cgi.pm 2.18
andy_armstrong cgi.pm 3.49
andy_armstrong cgi.pm 2.752
andy_armstrong cgi.pm 3.43
andy_armstrong cgi.pm 2.49
andy_armstrong cgi.pm 2.15
andy_armstrong cgi.pm 2.48
andy_armstrong cgi.pm 1.53
andy_armstrong cgi.pm 2.57
andy_armstrong cgi.pm 2.72
andy_armstrong cgi.pm 3.09
andy_armstrong cgi.pm 3.46
andy_armstrong cgi.pm 3.23
andy_armstrong cgi.pm 2.23
andy_armstrong cgi.pm 3.01
andy_armstrong cgi.pm 2.53
andy_armstrong cgi.pm 1.45
andy_armstrong cgi.pm 2.30
andy_armstrong cgi.pm 2.24
andy_armstrong cgi.pm 2.95
andy_armstrong cgi.pm 3.20
andy_armstrong cgi.pm 2.85
andy_armstrong cgi.pm 3.37
andy_armstrong cgi.pm 2.66
andy_armstrong cgi.pm 3.42