Summary
The host is installed with Strawberry Perl and is prone to HTTP header injection vulnerability.
Impact
Successful exploitation will allow attackers to inject new header items or modify header items.
Impact Level: Application
Solution
Upgrade to Strawberry Perl CGI.pm module version 3.63 or later, For updates refer to http://strawberryperl.com
Insight
The 'CGI.pm' module does not properly filter carriage returns from user supplied input to be used in Set-Cookie and P3P headers.
Affected
Strawberry Perl CGI.pm module before 3.63 on Windows
References
Severity
Classification
-
CVE CVE-2012-5526 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Apache Tomcat Multiple Vulnerabilities - 03 Mar14