Executive Summary

Information
Name: CVE-2010-2761
First vendor Publication: 2010-12-06
Vendor: Cve
Last vendor Modification: 2014-02-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761

CWE : Common Weakness Enumeration

id: CWE-94
Name: Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20547
 
Oval ID: oval:org.mitre.oval:def:20547
Title: VMware vSphere and vCOps updates to third party libraries
Description: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
Family: unix Class: vulnerability
Reference(s): CVE-2010-2761
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type : Application - Count : 20
Type : Application - Count : 154

OpenVAS Exploits

Date Description
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30 Name : CentOS Update for perl CESA-2011:1797 centos4 x86_64
File : nvt/gb_CESA-2011_1797_perl_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for perl CESA-2011:1797 centos5 x86_64
File : nvt/gb_CESA-2011_1797_perl_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for perl RHSA-2011:0558-01
File : nvt/gb_RHSA-2011_0558-01_perl.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla)
File : nvt/glsa_201110_03.nasl
2011-12-12 Name : CentOS Update for perl CESA-2011:1797 centos4 i386
File : nvt/gb_CESA-2011_1797_perl_centos4_i386.nasl
2011-12-12 Name : CentOS Update for perl CESA-2011:1797 centos5 i386
File : nvt/gb_CESA-2011_1797_perl_centos5_i386.nasl
2011-12-09 Name : RedHat Update for perl RHSA-2011:1797-01
File : nvt/gb_RHSA-2011_1797-01_perl.nasl
2011-05-10 Name : Ubuntu Update for perl USN-1129-1
File : nvt/gb_ubuntu_USN_1129_1.nasl
2011-03-05 Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla12.nasl
2011-02-04 Name : Fedora Update for perl-CGI FEDORA-2011-0640
File : nvt/gb_fedora_2011_0640_perl-CGI_fc14.nasl
2011-02-04 Name : Fedora Update for perl-CGI FEDORA-2011-0654
File : nvt/gb_fedora_2011_0654_perl-CGI_fc13.nasl
2011-02-04 Name : Fedora Update for bugzilla FEDORA-2011-0741
File : nvt/gb_fedora_2011_0741_bugzilla_fc14.nasl
2011-01-31 Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0631
File : nvt/gb_fedora_2011_0631_perl-CGI-Simple_fc13.nasl
2011-01-31 Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0653
File : nvt/gb_fedora_2011_0653_perl-CGI-Simple_fc14.nasl
2011-01-21 Name : Mandriva Update for perl-CGI MDVSA-2011:008 (perl-CGI)
File : nvt/gb_mandriva_MDVSA_2011_008.nasl
2010-12-28 Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)
File : nvt/gb_mandriva_MDVSA_2010_252.nasl
2010-12-23 Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)
File : nvt/gb_mandriva_MDVSA_2010_250.nasl
2010-12-02 Name : Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
File : nvt/gb_perl_CGI_45145.nasl
2010-11-23 Name : Mandriva Update for perl-CGI MDVSA-2010:237 (perl-CGI)
File : nvt/gb_mandriva_MDVSA_2010_237.nasl

Open Source Vulnerability Database (OSVDB)

id Description
69588 CGI.pm multipart_init() Function multipart/x-mixed-replace MIME Type HTTP Hea...

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-27 IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13 IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13 IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13 IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-110112.nasl - Type : ACT_GATHER_INFO
2013-07-29 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2013-06-17 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_perl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111208_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2011-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-03.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote host is missing the patch for the advisory RHSA-2011-0558
File : redhat-RHSA-2011-0558.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-110112.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0741.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0755.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0640.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0654.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0631.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0653.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-008.nasl - Type : ACT_GATHER_INFO
2011-01-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-7316.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-110112.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-237.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source Url
CONFIRM http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb1...
http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd...
http://www.bugzilla.org/security/3.2.9/
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
https://bugzilla.mozilla.org/show_bug.cgi?id=591165
https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262ee...
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-February/05366...
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/05367...
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576...
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=600464
MLIST http://openwall.com/lists/oss-security/2010/12/01/1
http://openwall.com/lists/oss-security/2010/12/01/2
http://openwall.com/lists/oss-security/2010/12/01/3
OSVDB http://osvdb.org/69588
http://osvdb.org/69589
REDHAT http://www.redhat.com/support/errata/RHSA-2011-1797.html
SECUNIA http://secunia.com/advisories/42877
http://secunia.com/advisories/43033
http://secunia.com/advisories/43068
http://secunia.com/advisories/43147
http://secunia.com/advisories/43165
SUSE http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
VUPEN http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0249
http://www.vupen.com/english/advisories/2011/0271

Alert History

Date Information
2014-06-14 13:28:59
  • Multiple Updates
2014-02-17 10:56:32
  • Multiple Updates
2014-02-12 13:21:59
  • Multiple Updates
2013-11-11 12:38:51
  • Multiple Updates
2013-05-10 23:29:13
  • Multiple Updates