Summary
The host is installed with Strawberry Perl and is prone to HTTP header injection vulnerability.
Impact
Successful exploitation will allow attackers to inject new header items or modify header items.
Impact Level: Application
Solution
Upgrade to Strawberry Perl CGI.pm module version 3.63 or later, For updates refer to http://strawberryperl.com
Insight
The 'CGI.pm' module does not properly filter carriage returns from user supplied input to be used in Set-Cookie and P3P headers.
Affected
Strawberry Perl CGI.pm module before 3.63 on Windows
References
Severity
Classification
-
CVE CVE-2012-5526 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari Webkit Multiple Vulnerabilities - May13 (Mac OS X)
- Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
- Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)