Executive Summary

Informations
Name MDVSA-2011:008 First vendor Publication 2011-01-14
Vendor Mandriva Last vendor Modification 2011-01-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in perl-CGI:

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761 (CVE-2010-4411).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the latest version (3.51) which is not affected by this issue and in turn also brings many bugfixes.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:008

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20547
 
Oval ID: oval:org.mitre.oval:def:20547
Title: VMware vSphere and vCOps updates to third party libraries
Description: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
Family: unix Class: vulnerability
Reference(s): CVE-2010-2761
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 20
Application 154

OpenVAS Exploits

Date Description
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30 Name : CentOS Update for perl CESA-2011:1797 centos4 x86_64
File : nvt/gb_CESA-2011_1797_perl_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for perl CESA-2011:1797 centos5 x86_64
File : nvt/gb_CESA-2011_1797_perl_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for perl RHSA-2011:0558-01
File : nvt/gb_RHSA-2011_0558-01_perl.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla)
File : nvt/glsa_201110_03.nasl
2011-12-12 Name : CentOS Update for perl CESA-2011:1797 centos4 i386
File : nvt/gb_CESA-2011_1797_perl_centos4_i386.nasl
2011-12-12 Name : CentOS Update for perl CESA-2011:1797 centos5 i386
File : nvt/gb_CESA-2011_1797_perl_centos5_i386.nasl
2011-12-09 Name : RedHat Update for perl RHSA-2011:1797-01
File : nvt/gb_RHSA-2011_1797-01_perl.nasl
2011-05-10 Name : Ubuntu Update for perl USN-1129-1
File : nvt/gb_ubuntu_USN_1129_1.nasl
2011-03-05 Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla12.nasl
2011-02-04 Name : Fedora Update for perl-CGI FEDORA-2011-0640
File : nvt/gb_fedora_2011_0640_perl-CGI_fc14.nasl
2011-02-04 Name : Fedora Update for perl-CGI FEDORA-2011-0654
File : nvt/gb_fedora_2011_0654_perl-CGI_fc13.nasl
2011-02-04 Name : Fedora Update for bugzilla FEDORA-2011-0741
File : nvt/gb_fedora_2011_0741_bugzilla_fc14.nasl
2011-01-31 Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0631
File : nvt/gb_fedora_2011_0631_perl-CGI-Simple_fc13.nasl
2011-01-31 Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0653
File : nvt/gb_fedora_2011_0653_perl-CGI-Simple_fc14.nasl
2011-01-21 Name : Mandriva Update for perl-CGI MDVSA-2011:008 (perl-CGI)
File : nvt/gb_mandriva_MDVSA_2011_008.nasl
2010-12-28 Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)
File : nvt/gb_mandriva_MDVSA_2010_252.nasl
2010-12-23 Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)
File : nvt/gb_mandriva_MDVSA_2010_250.nasl
2010-12-02 Name : Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
File : nvt/gb_perl_CGI_45145.nasl
2010-11-23 Name : Mandriva Update for perl-CGI MDVSA-2010:237 (perl-CGI)
File : nvt/gb_mandriva_MDVSA_2010_237.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69588 CGI.pm multipart_init() Function multipart/x-mixed-replace MIME Type HTTP Hea...

CGI.pm contains a flaw related to the 'multipart_init()' function when handing a message with 'multipart/x-mixed-replace' MIME type. This may allow a remote attacker to inject arbitrary HTTP headers in a response to the user.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-27 IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

Date Description
2016-02-29 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-110112.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111208_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_perl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2011-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-03.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote host is missing the patch for the advisory RHSA-2011-0558
File : redhat-RHSA-2011-0558.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-110112.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0755.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0741.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0640.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0654.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0631.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0653.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-008.nasl - Type : ACT_GATHER_INFO
2011-01-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-7316.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-110112.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-237.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:42:00
  • Multiple Updates
2013-05-11 00:48:26
  • Multiple Updates