CVE-2012-5526
EPSS 1.7%libcgi-pm-perl - HTTP header injection
發布日:2012/11/21修改日:2026/4/28
描述
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
受影響套件(3)
- Debian/libcgi-pm-perlfrom 0, < 3.61-2
- Debian/libcgi-pm-perlfrom 0, < 3.49-1squeeze2
- Debian/perlfrom 0, < 5.14.2-16