Skip to main content

Configuration

CVE-2012-5526

Severity Medium
Score 5/10

Summary

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) "Set-Cookie" or (2) "P3P" headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

  • Published