← Back

Cgi.pm

cgi.pm

Vendor: Andy Armstrong • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-5526
1Andy Armstrong
1Cgi.pm
Apr 29, 2026
Nov 21, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
CVE-2010-4411
1Andy Armstrong
1Cgi.pm
Apr 29, 2026
Dec 6, 2010
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomp...Show more
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.Show less
CVE-2010-4410
1Andy Armstrong
2Cgi Simple
Cgi.pm
Apr 29, 2026
Dec 6, 2010
N/A· v4
N/A· v3
4.3 MEDIUM· v2
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splittin...Show more
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.Show less
CVE-2010-2761
1Andy Armstrong
2Cgi Simple
Cgi.pm
Apr 29, 2026
Dec 6, 2010
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attack...Show more
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.Show less