exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

CVE-2010-4410

Status Candidate

Overview

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

Related Files

VMware Security Advisory 2012-0013
Posted Sep 1, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2010-2761, CVE-2010-4180, CVE-2010-4252, CVE-2010-4410, CVE-2011-0014, CVE-2011-1020, CVE-2011-1089, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2699, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-3597, CVE-2011-4108, CVE-2011-4109, CVE-2011-4110, CVE-2011-4128, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4576, CVE-2011-4577, CVE-2011-4609
MD5 | ab37b6926b046653acdeeef66e7c85ba
Red Hat Security Advisory 2011-1797-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1797-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.

tags | advisory, remote, web, arbitrary, cgi, perl
systems | linux, redhat
advisories | CVE-2010-2761, CVE-2010-4410, CVE-2011-3597
MD5 | b400cc5f054a764c47b2cdc38af433d1
Ubuntu Security Notice USN-1129-1
Posted May 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1129-1 - It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. It was discovered that the CGI.pm Perl module incorrectly handled newline characters. It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input.

tags | advisory, cgi, perl
systems | linux, ubuntu
advisories | CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410, CVE-2010-4411, CVE-2011-1487
MD5 | 24f27408d6090a9d485d70cb6d450a7f
Mandriva Linux Security Advisory 2010-252
Posted Dec 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-252 - CRLF injection vulnerability in the header function in CGI.pm before 3.50 and Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than and CVE-2010-3172. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2010-4410
MD5 | 837906ef6c810814ac5b21b77d4e2f5a
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close