Test Kennung:	1.3.6.1.4.1.25623.1.0.803160
Kategorie:	General
Titel:	Strawberry Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Windows)
Zusammenfassung:	The host is installed with Strawberry Perl and is prone to HTTP; header injection vulnerability.
Beschreibung:	Summary: The host is installed with Strawberry Perl and is prone to HTTP header injection vulnerability. Vulnerability Insight: The 'CGI.pm' module does not properly filter carriage returns from user supplied input to be used in Set-Cookie and P3P headers. Vulnerability Impact: Successful exploitation will allow attackers to inject new header items or modify header items. Affected Software/OS: Strawberry Perl CGI.pm module before 3.63 on Windows Solution: Upgrade to Strawberry Perl CGI.pm module version 3.63 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 56562 Common Vulnerability Exposure (CVE) ID: CVE-2012-5526 http://www.securityfocus.com/bid/56562 Debian Security Information: DSA-2586 (Google Search) http://www.debian.org/security/2012/dsa-2586 https://github.com/markstos/CGI.pm/pull/23 http://www.openwall.com/lists/oss-security/2012/11/15/6 RedHat Security Advisories: RHSA-2013:0685 http://rhn.redhat.com/errata/RHSA-2013-0685.html http://www.securitytracker.com/id?1027780 http://secunia.com/advisories/51457 http://secunia.com/advisories/55314 http://www.ubuntu.com/usn/USN-1643-1 XForce ISS Database: perl-cgipm-header-injection(80098) https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
Copyright	Copyright (C) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.