Your submission was sent successfully! Close

CVE-2012-5526

Published: 21 November 2012

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Priority

Low

Status

Package Release Status
libcgi-pm-perl
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Not vulnerable
(3.63-1)
trusty Does not exist
(trusty was not-affected [3.64-1])
upstream
Released (3.63)
utopic Not vulnerable
(3.64-1)
vivid Not vulnerable
(3.64-1)
wily Not vulnerable
(3.64-1)
xenial Not vulnerable
(3.64-1)
yakkety Not vulnerable
(3.64-1)
zesty Not vulnerable
(3.64-1)
Patches:
upstream: https://github.com/markstos/CGI.pm/pull/23.patch

perl
Launchpad, Ubuntu, Debian
hardy
Released (5.8.8-12ubuntu0.7)
lucid
Released (5.10.1-8ubuntu2.2)
oneiric
Released (5.12.4-4ubuntu0.1)
precise
Released (5.14.2-6ubuntu2.2)
quantal
Released (5.14.2-13ubuntu0.1)
raring Not vulnerable
(5.14.2-16)
saucy Not vulnerable
(5.14.2-16)
trusty Not vulnerable
(5.14.2-16)
upstream
Released (5.14.2-16)
utopic Not vulnerable
(5.14.2-16)
vivid Not vulnerable
(5.14.2-16)
wily Not vulnerable
(5.14.2-16)
xenial Not vulnerable
(5.14.2-16)
yakkety Not vulnerable
(5.14.2-16)
zesty Not vulnerable
(5.14.2-16)
Patches:

upstream: https://github.com/markstos/CGI.pm/pull/23.patch