Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2010:237 | First vendor Publication | 2010-11-16 |
Vendor | Mandriva | Last vendor Modification | 2010-11-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs that directly affect Bugzilla (these two security bugs were first discovered as affecting Bugzilla, then identified as being bugs in CGI.pm itself). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to perl-CGI 3.50 to solve these security issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:237 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19764 | |||
Oval ID: | oval:org.mitre.oval:def:19764 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4410 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20547 | |||
Oval ID: | oval:org.mitre.oval:def:20547 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2761 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-07-30 | Name : CentOS Update for perl CESA-2011:1797 centos4 x86_64 File : nvt/gb_CESA-2011_1797_perl_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for perl CESA-2011:1797 centos5 x86_64 File : nvt/gb_CESA-2011_1797_perl_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for perl RHSA-2011:0558-01 File : nvt/gb_RHSA-2011_0558-01_perl.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla) File : nvt/glsa_201110_03.nasl |
2011-12-12 | Name : CentOS Update for perl CESA-2011:1797 centos4 i386 File : nvt/gb_CESA-2011_1797_perl_centos4_i386.nasl |
2011-12-12 | Name : CentOS Update for perl CESA-2011:1797 centos5 i386 File : nvt/gb_CESA-2011_1797_perl_centos5_i386.nasl |
2011-12-09 | Name : RedHat Update for perl RHSA-2011:1797-01 File : nvt/gb_RHSA-2011_1797-01_perl.nasl |
2011-05-10 | Name : Ubuntu Update for perl USN-1129-1 File : nvt/gb_ubuntu_USN_1129_1.nasl |
2011-03-05 | Name : FreeBSD Ports: bugzilla File : nvt/freebsd_bugzilla12.nasl |
2011-02-04 | Name : Fedora Update for perl-CGI FEDORA-2011-0640 File : nvt/gb_fedora_2011_0640_perl-CGI_fc14.nasl |
2011-02-04 | Name : Fedora Update for perl-CGI FEDORA-2011-0654 File : nvt/gb_fedora_2011_0654_perl-CGI_fc13.nasl |
2011-02-04 | Name : Fedora Update for bugzilla FEDORA-2011-0741 File : nvt/gb_fedora_2011_0741_bugzilla_fc14.nasl |
2011-01-31 | Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0631 File : nvt/gb_fedora_2011_0631_perl-CGI-Simple_fc13.nasl |
2011-01-31 | Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0653 File : nvt/gb_fedora_2011_0653_perl-CGI-Simple_fc14.nasl |
2011-01-21 | Name : Mandriva Update for perl-CGI MDVSA-2011:008 (perl-CGI) File : nvt/gb_mandriva_MDVSA_2011_008.nasl |
2010-12-28 | Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple) File : nvt/gb_mandriva_MDVSA_2010_252.nasl |
2010-12-23 | Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple) File : nvt/gb_mandriva_MDVSA_2010_250.nasl |
2010-12-02 | Name : Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability File : nvt/gb_perl_CGI_45145.nasl |
2010-11-23 | Name : Mandriva Update for perl-CGI MDVSA-2010:237 (perl-CGI) File : nvt/gb_mandriva_MDVSA_2010_237.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69589 | CGI.pm header() Function Newline Character Handling HTTP Header Injection CGI.pm contains a flaw related to the 'header()' function's handling of newline characters. This may allow a remote attacker to inject arbitrary HTTP headers in a response to the user. |
69588 | CGI.pm multipart_init() Function multipart/x-mixed-replace MIME Type HTTP Hea... CGI.pm contains a flaw related to the 'multipart_init()' function when handling a message with 'multipart/x-mixed-replace' MIME type. This may allow a remote attacker to inject arbitrary HTTP headers in a response to the user. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_perl-110112.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1797.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111208_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_perl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO |
2011-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-03.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote host is missing the patch for the advisory RHSA-2011-0558 File : redhat-RHSA-2011-0558.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-110112.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO |
2011-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0755.nasl - Type : ACT_GATHER_INFO |
2011-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0741.nasl - Type : ACT_GATHER_INFO |
2011-02-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0640.nasl - Type : ACT_GATHER_INFO |
2011-02-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0654.nasl - Type : ACT_GATHER_INFO |
2011-01-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0631.nasl - Type : ACT_GATHER_INFO |
2011-01-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0653.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-008.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_perl-7316.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_perl-110112.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-237.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:41:54 |