CVE-2010-2761

CVE Details

Release Date:2010-12-06

Description


The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

See more information about CVE-2010-2761 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 4.3 Base Metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector: Network Attack Complexity: Medium
Authentication: None required Confidentiality Impact: None
Integrity Impact: Partial Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Enterprise Linux version 4 (perl)ELSA-2011-17972011-12-08
Oracle Linux version 5 (perl)ELSA-2011-17972011-12-08
Oracle Linux version 6 (perl)ELSA-2011-05582011-05-28



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete