Summary
The host is installed with Active Perl and is prone to HTTP header injection vulnerability.
Impact
Successful exploitation will allow attackers to inject new header items or modify header items.
Impact Level: Application
Solution
Upgrade to Active Perl CGI.pm module version 3.63 or later, For updates refer to http://www.perl.org/get.html
Insight
The 'CGI.pm' module does not properly filter carriage returns from user supplied input to be used in Set-Cookie and P3P headers.
Affected
Active Perl CGI.pm module before 3.63 on Windows
References
Severity
Classification
-
CVE CVE-2012-5526 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
- Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Win)