Security Advisories (6)
CVE-2012-5526 (2012-11-21)

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

CVE-2011-2766 (2011-11-08)

Usage of deprecated FCGI.pm API.

CPANSA-CGI-2010-02 (2010-11-08)

Non-random MIME boundary.

CPANSA-CGI-2010-01 (2010-02-05)

Newlines in headers.

CVE-2010-4411 (2010-12-06)

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CVE-2010-2761 (2010-12-06)

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

NAME

CGI::Session::DB_File - DB_File driver for CGI::Session

SYNOPSIS

use CGI::Session;
$session = new CGI::Session("driver:DB_File", undef, {Directory=>'/tmp'});

For more details, refer to the CGI::Session manual.

DESCRIPTION

CGI::Session::DB_File is a CGI::Session driver that stores session data in BerkeleyDB. By default, the session data is stored in a file named 'cgisess.db'. To use a different name, either specify it with the "FileName" option, as below:

$s = new CGI::Session::DB_File(undef, {Directory=>'/tmp', FileName=>'sessions.db'});

or by setting the value of the $CGI::Session::DB_File::NAME variable before creating the session object:

$CGI::Session::DB_File::NAME = 'sessions.db';
$s = new CGI::Session("driver:DB_File", undef, {Directory=>'/tmp'});

The only driver option required, as in the above examples, is "Directory", which tells the driver where the session file and lock files should be created.

The "FileName" option is also available, but not required.
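
An added example, not part of the module's documentation: the examples above use '/tmp', which is shared by every local account, so a deployment may prefer a directory that only the application's own user can access. The sketch below checks such a directory before passing it to the driver as "Directory"; the path /var/lib/myapp/sessions and the helper session_dir_problems are assumptions made for illustration.

```perl
use strict;
use warnings;
use CGI::Session;

# Hypothetical application-private directory (an assumption of this example).
my $dir = '/var/lib/myapp/sessions';

# Return the reasons a directory is unsuitable for session storage;
# an empty list means it passed every check.
sub session_dir_problems {
    my ($path) = @_;
    my @st = lstat $path;    # lstat so a symlink is seen, not followed
    return ("cannot stat $path: $!")    unless @st;
    return ("$path is a symlink")       if -l _;
    return ("$path is not a directory") unless -d _;

    my ($mode, $owner) = @st[2, 4];
    my @problems;
    push @problems, sprintf('owned by uid %d, not by this process (uid %d)', $owner, $>)
        if $owner != $>;
    push @problems, sprintf('mode %04o grants access to group or others', $mode & 07777)
        if $mode & 0077;
    return @problems;
}

# Create the directory privately if it does not exist yet; the explicit
# chmod makes the result independent of the process umask.
unless (-e $dir) {
    mkdir $dir, 0700 or die "mkdir $dir: $!";
    chmod 0700, $dir or die "chmod $dir: $!";
}

my @problems = session_dir_problems($dir);
die "refusing to store sessions in $dir:\n  " . join("\n  ", @problems) . "\n"
    if @problems;

# Same constructor arguments as the SYNOPSIS, with the vetted directory
# and an explicit FileName.
my $session = CGI::Session->new('driver:DB_File', undef,
    { Directory => $dir, FileName => 'sessions.db' })
    or die "could not create session";
$session->param(login => 'alice');    # constructed sample value
$session->flush;                      # write the record to sessions.db
print 'session id: ', $session->id, "\n";
```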

COPYRIGHT

Copyright (C) 2001-2002 Sherzod Ruzmetov. All rights reserved.

This library is free software and can be modified and distributed under the same terms as Perl itself.

Bug reports should be directed to sherzodr@cpan.org, or posted to the Cgi-session@ultracgis.com mailing list.

AUTHOR

CGI::Session::DB_File is written and maintained by Sherzod Ruzmetov <sherzodr@cpan.org>

SEE ALSO

CGI::Session, CGI::Session::MySQL, CGI::Session::DB_File, CGI::Session::BerkelyDB