Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability

Perl CGI.pm is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input.

An attacker may exploit this issue to inject arbitrary HTTP headers into a server response.

By inserting arbitrary headers into an HTTP response, attackers may be able to launch various cross-site request forgery, cross-site scripting, and HTTP-request smuggling attacks.

CGI.pm versions prior to 3.63 are vulnerable.
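
For applications that cannot move to a fixed release immediately, the following added example (not code from this advisory or from CGI.pm itself) checks whether the loaded CGI.pm is at least 3.63 and rejects control characters in values before they are used in Set-Cookie or P3P headers. The helper names and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# True if CGI.pm loads and is 3.63 or later, the fixed release named in the
# advisory. UNIVERSAL::VERSION dies when the installed module is older.
sub cgi_is_patched {
    return 0 unless eval { require CGI; 1 };
    return eval { CGI->VERSION(3.63); 1 } ? 1 : 0;
}

# Hypothetical helper: refuse any value destined for a response header if it
# contains CR, LF or any other control character. This is deliberately
# stricter than HTTP requires (it also rejects horizontal tab).
sub assert_header_safe {
    my ($name, $value) = @_;
    die "refusing $name value: undefined\n" unless defined $value;
    die "refusing $name value: control character present\n"
        if $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Constructed sample inputs standing in for request-derived data.
my @samples = (
    [ 'Set-Cookie', 'session=abc123; path=/' ],
    [ 'P3P',        'CAO DSP LAW CURa' ],
    [ 'Set-Cookie', "session=abc123\r\nX-Constructed: 1" ],
);

printf "CGI.pm %s\n",
    cgi_is_patched() ? 'is 3.63 or later' : 'is missing or older than 3.63';

for my $sample (@samples) {
    my ($name, $value) = @$sample;
    if (eval { assert_header_safe($name, $value); 1 }) {
        printf "%-10s accepted\n", $name;
    }
    else {
        (my $err = $@) =~ s/\s+\z//;   # drop the trailing newline from die
        printf "%-10s rejected (%s)\n", $name, $err;
    }
}
```

Call the guard on every value that reaches `-cookie` or `-p3p` in `header()`; it complements upgrading to 3.63 or later and does not replace it.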


 

Copyright 2010, SecurityFocus