Executive Summary
Summary | |
---|---|
Title | libfcgi-perl security-update |
Informations | |||
---|---|---|---|
Name | DSA-2327 | First vendor Publication | 2011-10-24 |
Vendor | Debian | Last vendor Modification | 2011-10-24 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse. The oldstable distribution (lenny) is not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 0.71-1+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 0.73-2. For the unstable distribution (sid), this problem has been fixed in version 0.73-2. We recommend that you upgrade your libfcgi-perl packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2327 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15090 | |||
Oval ID: | oval:org.mitre.oval:def:15090 | ||
Title: | DSA-2327-1 libfcgi-perl -- authentication bypass | ||
Description: | Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse. The oldstable distribution is not affected by this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2327-1 CVE-2011-2766 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libfcgi-perl |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-02 | Name : Fedora Update for perl-FCGI FEDORA-2011-13130 File : nvt/gb_fedora_2011_13130_perl-FCGI_fc16.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2327-1 (libfcgi-perl) File : nvt/deb_2327_1.nasl |
2012-01-09 | Name : Mandriva Update for fcgi MDVSA-2012:001 (fcgi) File : nvt/gb_mandriva_MDVSA_2012_001.nasl |
2011-10-04 | Name : Fedora Update for perl-FCGI FEDORA-2011-13230 File : nvt/gb_fedora_2011_13230_perl-FCGI_fc15.nasl |
2011-10-04 | Name : Fedora Update for perl-FCGI FEDORA-2011-13236 File : nvt/gb_fedora_2011_13236_perl-FCGI_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75685 | Perl Fast CGI (FCGI) Module Environment Variable Sharing HTTP Headers Remote ... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-5.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-102.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_FastCGI-111222.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_FastCGI-111222.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-05.nasl - Type : ACT_GATHER_INFO |
2012-01-03 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2012-001.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2327.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13130.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13230.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13236.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:30:30 |
|