Summary
Strawberry Perl is installed on the host and is prone to an HTTP header injection vulnerability.
Impact
Successful exploitation will allow attackers to inject new header items or modify header items.
Impact Level: Application
Solution
Upgrade to Strawberry Perl CGI.pm module version 3.63 or later. For updates, refer to http://strawberryperl.com
Insight
The 'CGI.pm' module does not properly filter carriage returns from user-supplied input that is used in Set-Cookie and P3P headers.
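As a defense-in-depth check alongside the upgrade, an application can refuse any Set-Cookie or P3P value that contains CR, LF or other control characters before it is written to the response. The following is an added example, not code from CGI.pm or from this advisory; the helper names and sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example; these helpers are hypothetical and not part of CGI.pm.

# True when a value has no CR, LF or other control characters (tab allowed).
sub header_value_is_safe {
    my ($value) = @_;
    return 0 unless defined $value;
    return $value =~ /[\x00-\x08\x0A-\x1F\x7F]/ ? 0 : 1;
}

# Return one complete header line, or die rather than emit a split header.
sub build_header {
    my ($name, $value) = @_;
    # \A and \z anchor the whole string; '$' would tolerate a trailing newline.
    die "invalid header name\n" unless $name =~ /\A[A-Za-z0-9-]+\z/;
    die "control character in $name value\n"
        unless header_value_is_safe($value);
    return "$name: $value\r\n";
}

# True when a CGI.pm version string (e.g. $CGI::VERSION) is 3.63 or later.
sub cgi_pm_is_fixed {
    my ($version) = @_;
    (my $v = $version) =~ tr/_//d;    # developer releases may look like "3.62_01"
    return $v >= 3.63 ? 1 : 0;
}

# Constructed sample inputs: the last two carry CR/LF in the value.
my @samples = (
    [ 'Set-Cookie', 'session=abc123; Path=/' ],
    [ 'Set-Cookie', "session=abc123\r\nX-Constructed: 1" ],
    [ 'P3P',        "policyref=\"/w3c/p3p.xml\"\r\n" ],
);
for my $s (@samples) {
    my $line = eval { build_header(@$s) };
    if (defined $line) { print "ok:       $line" }
    else               { print "rejected: $@" }
}

# Constructed version strings, compared against the fixed release named above.
printf "CGI.pm %s fixed: %s\n", $_, cgi_pm_is_fixed($_) ? 'yes' : 'no'
    for qw(3.59 3.63);
```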
Affected
Strawberry Perl CGI.pm module before 3.63 on Windows
References
Severity
Classification
- CVE: CVE-2012-5526
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N