Configuration
CVE-2012-5526
Summary
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) "Set-Cookie" or (2) "P3P" headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
- LOW
- NETWORK
- NONE
- PARTIAL
- NONE
- NONE
CWE-16 - Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
References
Advisory Timeline
- Published