Security Advisories (6)
CVE-2012-5526
(2012-11-21)
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
- http://www.securityfocus.com/bid/56562
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- https://github.com/markstos/CGI.pm/pull/23
- http://www.securitytracker.com/id?1027780
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://secunia.com/advisories/51457
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.debian.org/security/2012/dsa-2586
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/55314
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
CVE-2011-2766
(2011-11-08)
Usage of deprecated FCGI.pm API.
CPANSA-CGI-2010-02
(2010-11-08)
Non-random MIME boundary.
CPANSA-CGI-2010-01
(2010-02-05)
Newlines in headers.
CVE-2010-4411
(2010-12-06)
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
- http://openwall.com/lists/oss-security/2010/12/01/3
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
- http://www.vupen.com/english/advisories/2011/0106
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.vupen.com/english/advisories/2011/0271
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
CVE-2010-2761
(2010-12-06)
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
- https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
- http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
- http://openwall.com/lists/oss-security/2010/12/01/1
- http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
- http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
- http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
- http://openwall.com/lists/oss-security/2010/12/01/2
- http://openwall.com/lists/oss-security/2010/12/01/3
- https://bugzilla.mozilla.org/show_bug.cgi?id=600464
- http://osvdb.org/69588
- http://osvdb.org/69589
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
- http://www.vupen.com/english/advisories/2011/0076
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
- http://secunia.com/advisories/42877
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
- http://secunia.com/advisories/43147
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
- http://www.vupen.com/english/advisories/2011/0249
- http://www.vupen.com/english/advisories/2011/0271
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://secunia.com/advisories/43068
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Modules
Simple Common Gateway Interface Class
CGI routines for writing to the HTTPD (or other) error log
CGI Interface for Fast CGI
Examples
- examples/WORLD_WRITABLE/18.157.1.253.sav
- examples/caution.xbm
- examples/clickable_image.cgi
- examples/cookie.cgi
- examples/crash.cgi
- examples/customize.cgi
- examples/diff_upload.cgi
- examples/dna.small.gif
- examples/file_upload.cgi
- examples/frameset.cgi
- examples/index.html
- examples/internal_links.cgi
- examples/javascript.cgi
- examples/make_links.pl
- examples/monty.cgi
- examples/multiple_forms.cgi
- examples/popup.cgi
- examples/save_state.cgi
- examples/tryit.cgi
- examples/wilogo.gif
Other files
Module Install Instructions
To install CGI, copy and paste the appropriate command in to your terminal.
cpanm CGIperl -MCPAN -e shell
install CGIFor more information on module installation, please visit the detailed CPAN module installation guide.