Launchpad CVE tracker

CVE 2010-2761

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

Related bugs and status

CVE-2010-2761 (Candidate) is related to these bugs:

Bug #703423: Sync libcgi-simple-perl 1.111-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	703423	Sync libcgi-simple-perl 1.111-2 (universe) from Debian unstable (main)		libcgi-simple-perl (Ubuntu)	Wishlist	Fix Released

Bug #704391: Merge perl 5.10.1-17 (main) from Debian unstable (main)

Summary				In	Importance	Status
	704391	Merge perl 5.10.1-17 (main) from Debian unstable (main)		perl (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2010120...
MLIST: [oss-security] 2010120...
MLIST: [oss-security] 2010120...
MISC: https://bugzilla.mozil...
CONFIRM: http://cpansearch.perl...
CONFIRM: http://perl5.git.perl....
CONFIRM: http://perl5.git.perl....
CONFIRM: http://www.nntp.perl.o...
CONFIRM: https://github.com/And...
OSVDB: 69589
OSVDB: 69588
MANDRIVA: MDVSA-2010:237
MANDRIVA: MDVSA-2010:250
SUSE: SUSE-SR:2011:001
SECUNIA: 42877
VUPEN: ADV-2011-0076
CONFIRM: http://www.bugzilla.or...
CONFIRM: https://bugzilla.mozil...
SECUNIA: 43033
VUPEN: ADV-2011-0207
FEDORA: FEDORA-2011-0631
FEDORA: FEDORA-2011-0653
SECUNIA: 43147
VUPEN: ADV-2011-0249
FEDORA: FEDORA-2011-0741
FEDORA: FEDORA-2011-0755
SUSE: SUSE-SR:2011:002
SECUNIA: 43068
SECUNIA: 43165
VUPEN: ADV-2011-0212
VUPEN: ADV-2011-0271
REDHAT: RHSA-2011:1797
SUSE: SUSE-SR:2011:005
CONFIRM: http://kb.juniper.net/...
CONFIRM: http://kb.juniper.net/...

Launchpad.net

CVE 2010-2761

Related bugs and status

Related bugs

References