CVE-2011-2766

Publication date 23 September 2011

Last updated 24 July 2024


Ubuntu priority

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
libfcgi-perl 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric Ignored end of life
11.04 natty
Fixed 0.71-1+squeeze1build0.11.04.1
10.10 maverick
Fixed 0.71-1+squeeze1build0.10.10.1
10.04 LTS lucid
Not affected
8.04 LTS hardy
Not affected

Notes


tyhicks

Per Debian, introduced in 0.70