Vulnerabilities > Andy Armstrong
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-11-21 | CVE-2012-5526 | Configuration vulnerability in Andy Armstrong Cgi.Pm CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | 5.0 |
2010-12-06 | CVE-2010-4411 | Unspecified vulnerability in Andy Armstrong Cgi.Pm Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. network andy-armstrong | 4.3 |
2010-12-06 | CVE-2010-4410 | Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | 4.3 |
2010-12-06 | CVE-2010-2761 | Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | 4.3 |