Security Advisories (6)
CVE-2012-5526 (2012-11-21)

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

CVE-2011-2766 (2011-11-08)

Usage of deprecated FCGI.pm API.

CPANSA-CGI-2010-02 (2010-11-08)

Non-random MIME boundary.

CPANSA-CGI-2010-01 (2010-02-05)

Newlines in headers.

CVE-2010-4411 (2010-12-06)

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CVE-2010-2761 (2010-12-06)

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

NAME

CGI::Session::File - Default CGI::Session driver

REVISION

This manual refers to $Revision: 1.7 $

SYNOPSIS

use CGI::Session qw/-api3/;
$session = new CGI::Session("driver:File", undef, {Directory=>'/tmp'});

For more examples, consult the CGI::Session manual.

DESCRIPTION

CGI::Session::File is the default CGI::Session driver. It stores the session data in plain files. For the list of available methods, consult the CGI::Session manual.

Each session is stored in a separate file. By default the file name is formatted as "cgisess_%s", where '%s' is replaced with the effective session id. To change the file name format, update the $CGI::Session::File::FileName variable. Examples:

$CGI::Session::File::FileName = 'cgisess_%s.dat';       # with .dat extension
$CGI::Session::File::FileName = '%s.session';
$CGI::Session::File::FileName = 'CGI-Session-%s.dat';   # old style

The only driver option required is 'Directory', which denotes the location session files are stored in.

Example:

$session = new CGI::Session("driver:File", undef, {Directory=>'some/directory'});
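The SYNOPSIS stores sessions in /tmp, which every local user shares. The following added example (not part of the CGI::Session distribution) keeps them in an owner-only directory instead and checks a session id before it is formatted into a file name. The SESSION_DIR variable, the cgi-sessions directory, the helper names and the 32-hex-character id format are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the CGI::Session distribution.
use strict;
use warnings;
use File::Spec;
use CGI::Session qw/-api3/;
# Load the driver first, so the assignment below is made after the module
# has set its own default file name format.
use CGI::Session::File;

$CGI::Session::File::FileName = 'cgisess_%s.dat';

# Assumed location: outside the web root and outside shared /tmp.
my $dir = $ENV{SESSION_DIR} || File::Spec->catdir($ENV{HOME}, 'cgi-sessions');

# Hypothetical helper: create the directory owner-only, then verify it
# instead of trusting whatever already exists at that path.
sub private_session_dir {
    my ($path) = @_;
    unless (-e $path) {
        mkdir $path, 0700 or die "mkdir $path: $!";
    }
    my @st = lstat $path or die "lstat $path: $!";
    die "$path is not a directory\n"        unless -d _;   # a symlink fails here
    die "$path is not owned by this user\n" unless $st[4] == $>;
    die sprintf("%s has mode %04o, want 0700\n", $path, $st[2] & 07777)
        if $st[2] & 0077;                                  # group/other bits set
    return $path;
}

# Hypothetical helper: map a session id to its file as DESCRIPTION describes.
# Assumption: ids are the 32 lowercase hex characters of an MD5 digest, so
# anything else (path separators, "..", NUL) is rejected before sprintf.
sub session_file {
    my ($path, $sid) = @_;
    die "unexpected session id\n" unless $sid =~ /\A[0-9a-f]{32}\z/;
    return File::Spec->catfile($path,
        sprintf($CGI::Session::File::FileName, $sid));
}

umask 0077;    # files this process creates default to owner-only
my $session = new CGI::Session("driver:File", undef,
                               { Directory => private_session_dir($dir) });
$session->param(user => 'demo');    # constructed sample value
$session->flush;                    # write the session data to disk

my $file = session_file($dir, $session->id);
printf "%s exists: %s\n", $file, (-f $file ? 'yes' : 'no');
```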

COPYRIGHT

Copyright (C) 2001-2002 Sherzod Ruzmetov. All rights reserved.

This library is free software and can be modified and distributed under the same terms as Perl itself.

Bug reports should be directed to sherzodr@cpan.org, or posted to the Cgi-session@ultracgis.com mailing list.

AUTHOR

CGI::Session::File is written and maintained by Sherzod Ruzmetov <sherzodr@cpan.org>

SEE ALSO

CGI::Session, CGI::Session::MySQL, CGI::Session::DB_File, CGI::Session::BerkelyDB