/ 
CGI.pm-2.78
River stage four • 286 direct dependents • 1214 total dependents
Security Advisories (6)
CVE-2012-5526 (2012-11-21)

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

CVE-2011-2766 (2011-11-08)

Usage of deprecated FCGI.pm API.

CPANSA-CGI-2010-02 (2010-11-08)

Non-random MIME boundary.

CPANSA-CGI-2010-01 (2010-02-05)

Newlines in headers.

CVE-2010-4411 (2010-12-06)

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CVE-2010-2761 (2010-12-06)

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

Modules

CGI
Simple Common Gateway Interface Class
CGI::Apache
Backward compatibility module for CGI.pm
CGI::Carp
CGI routines for writing to the HTTPD (or other) error log
CGI::Cookie
Interface to Netscape Cookies
CGI::Fast
CGI Interface for Fast CGI
CGI::Pretty
module to produce nicely formatted HTML code
CGI::Push
Simple Interface to Server Push
CGI::Switch
Backward compatibility module for defunct CGI::Switch
CGI::Util
Internal utilities used by CGI module

Provides

CGITempFile
in CGI.pm
Fh
in CGI.pm
MultipartBuffer
in CGI.pm

Examples

Other files