Security Advisories (6)
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
- http://www.securityfocus.com/bid/56562
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- https://github.com/markstos/CGI.pm/pull/23
- http://www.securitytracker.com/id?1027780
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://secunia.com/advisories/51457
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.debian.org/security/2012/dsa-2586
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/55314
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
Usage of deprecated FCGI.pm API.
Non-random MIME boundary.
Newlines in headers.
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
- http://openwall.com/lists/oss-security/2010/12/01/3
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
- http://www.vupen.com/english/advisories/2011/0106
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.vupen.com/english/advisories/2011/0271
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
- https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
- http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
- http://openwall.com/lists/oss-security/2010/12/01/1
- http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
- http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
- http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
- http://openwall.com/lists/oss-security/2010/12/01/2
- http://openwall.com/lists/oss-security/2010/12/01/3
- https://bugzilla.mozilla.org/show_bug.cgi?id=600464
- http://osvdb.org/69588
- http://osvdb.org/69589
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
- http://www.vupen.com/english/advisories/2011/0076
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
- http://secunia.com/advisories/42877
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
- http://secunia.com/advisories/43147
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
- http://www.vupen.com/english/advisories/2011/0249
- http://www.vupen.com/english/advisories/2011/0271
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://secunia.com/advisories/43068
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
NAME
CGI::Switch - Try more than one constructors and return the first object available
SYNOPSIS
use CGISwitch;
-or-
use CGI::Switch This, That, CGI::XA, Foo, Bar, CGI;
my $q = new CGI::Switch;DESCRIPTION
Per default the new() method tries to call new() in the three packages Apache::CGI, CGI::XA, and CGI. It returns the first CGI object it succeeds with.
The import method allows you to set up the default order of the modules to be tested.
SEE ALSO
perl(1), Apache(3), CGI(3), CGI::XA(3)
AUTHOR
Andreas König <a.koenig@mind.de>
1 POD Error
The following errors were encountered while parsing the POD:
- Around line 69:
Non-ASCII character seen before =encoding in 'König'. Assuming CP1252
Module Install Instructions
To install CGI, copy and paste the appropriate command in to your terminal.
cpanm CGIperl -MCPAN -e shell
install CGIFor more information on module installation, please visit the detailed CPAN module installation guide.