CVE-2010-4410

CVSS V2: Medium 4.3; CVSS V3: None
Description
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
Overview
  • CVE ID
  • CVE-2010-4410
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-12-06T20:13:00
  • Last Modified Date
  • 2016-12-08T03:01:45
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:andy_armstrong:cgi.pm:*:*:*:*:*:*:*:* 1 OR 3.49
cpe:2.3:a:andy_armstrong:cgi-simple:*:*:*:*:*:*:*:* 1 OR 1.112
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Complexity
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://openwall.com/lists/oss-security/2010/12/01/2 Patch
http://openwall.com/lists/oss-security/2010/12/01/1 Patch
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html Patch
http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1 Patch
http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm Patch
http://openwall.com/lists/oss-security/2010/12/01/3 Patch
http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
http://www.securityfocus.com/bid/45145
http://www.mandriva.com/security/advisories?name=MDVSA-2010:252
http://www.vupen.com/english/advisories/2010/3230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.vupen.com/english/advisories/2011/0249
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
http://secunia.com/advisories/43147
https://bugzilla.redhat.com/show_bug.cgi?id=658970
http://www.securityfocus.com/bid/44199
http://secunia.com/advisories/43068
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
History
Created Old Value New Value Data Type Notes
2022-05-10 09:57:57 Added to TrackCVE