CVE-2010-2761

Priority
Description
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in
CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary
string in multipart/x-mixed-replace content, which allows remote attackers
to inject arbitrary HTTP headers and conduct HTTP response splitting
attacks via crafted input that contains this value, a different
vulnerability than CVE-2010-3172.
Notes
mdeslaurdebian fix in perl is cgi-multiline-header.diff
Package
Upstream:released (1.111-2)
Package
Source: perl (LP Ubuntu Debian)
Upstream:released (5.10.1-17)
More Information

Updated: 2020-09-10 01:36:56 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)