FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-2761

This CVE name corresponds to:

Entered Topic
2011-01-25 bugzilla -- multiple serious vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-2761
Phase Assigned (20100714)

Description

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value for the MIME boundary string in multipart/x-mixed-replace content. This allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value. This is a different vulnerability than CVE-2010-3172.

References

Source Reference
MLIST [oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
MLIST [oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
MLIST [oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=600464
CONFIRM http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
CONFIRM http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
CONFIRM http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
CONFIRM http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
CONFIRM https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
CONFIRM http://www.bugzilla.org/security/3.2.9/
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=591165
FEDORA FEDORA-2011-0631
FEDORA FEDORA-2011-0653
FEDORA FEDORA-2011-0741
FEDORA FEDORA-2011-0755
MANDRIVA MDVSA-2010:237
MANDRIVA MDVSA-2010:250
REDHAT RHSA-2011:1797
SUSE SUSE-SR:2011:001
SUSE SUSE-SR:2011:002
SUSE SUSE-SR:2011:005
OSVDB 69589
OSVDB 69588
SECUNIA 42877
SECUNIA 43033
SECUNIA 43147
SECUNIA 43068
SECUNIA 43165
VUPEN ADV-2011-0076
VUPEN ADV-2011-0207
VUPEN ADV-2011-0249
VUPEN ADV-2011-0212
VUPEN ADV-2011-0271