Vulnerability Details CVE-2010-4411
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://openwall.com/lists/oss-security/2010/12/01/3
- http://secunia.com/advisories/43033
- http://secunia.com/advisories/43068
- http://secunia.com/advisories/43165
- http://www.bugzilla.org/security/3.2.9/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
- http://www.vupen.com/english/advisories/2011/0106
- http://www.vupen.com/english/advisories/2011/0207
- http://www.vupen.com/english/advisories/2011/0212
- http://www.vupen.com/english/advisories/2011/0271
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://openwall.com/lists/oss-security/2010/12/01/3
- http://secunia.com/advisories/43033
- http://secunia.com/advisories/43068
- http://secunia.com/advisories/43165
- http://www.bugzilla.org/security/3.2.9/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
- http://www.vupen.com/english/advisories/2011/0106
- http://www.vupen.com/english/advisories/2011/0207
- http://www.vupen.com/english/advisories/2011/0212
- http://www.vupen.com/english/advisories/2011/0271
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
Products affected by CVE-2010-4411
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.4
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.42
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.43
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.44
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.45
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.50
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.51
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.52
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.53
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.54
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.55
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.56
-
cpe:2.3:a:andy_armstrong:cgi.pm:1.57
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.0
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.01
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.13
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.14
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.15
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.16
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.17
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.18
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.19
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.20
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.21
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.22
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.23
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.24
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.25
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.26
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.27
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.28
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.29
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.30
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.31
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.32
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.33
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.34
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.35
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.36
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.37
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.38
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.39
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.40
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.41
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.42
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.43
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.44
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.45
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.46
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.47
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.48
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.49
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.50
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.51
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.52
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.53
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.54
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.55
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.56
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.57
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.58
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.59
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.60
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.61
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.62
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.63
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.64
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.65
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.66
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.67
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.68
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.69
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.70
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.71
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.72
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.73
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.74
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.75
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.751
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.752
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.76
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.77
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.78
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.79
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.80
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.81
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.82
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.83
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.84
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.85
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.86
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.87
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.88
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.89
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.90
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.91
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.92
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.93
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.94
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.95
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.96
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.97
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.98
-
cpe:2.3:a:andy_armstrong:cgi.pm:2.99
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.00
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.01
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.02
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.03
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.04
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.05
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.06
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.07
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.08
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.09
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.10
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.11
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.12
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.13
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.14
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.15
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.16
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.17
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.18
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.19
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.20
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.21
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.22
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.23
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.24
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.25
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.26
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.27
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.28
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.29
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.30
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.31
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.32
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.33
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.34
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.35
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.36
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.37
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.38
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.39
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.40
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.41
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.42
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.43
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.44
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.45
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.46
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.47
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.48
-
cpe:2.3:a:andy_armstrong:cgi.pm:3.49