Summary
The host is installed with Active Perl and is prone to HTTP header injection vulnerability.
Impact
Successful exploitation will allow attackers to inject new header items or modify header items.
Impact Level: Application
Solution
Upgrade to Active Perl CGI.pm module version 3.63 or later, For updates refer to http://www.perl.org/get.html
Insight
The 'CGI.pm' module does not properly filter carriage returns from user supplied input to be used in Set-Cookie and P3P headers.
Affected
Active Perl CGI.pm module before 3.63 on Windows
References
Severity
Classification
-
CVE CVE-2012-5526 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
- Apache Tomcat servlet/JSP container default files
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)