CVE-2012-5526

EPSS 1.7%

libcgi-pm-perl - HTTP header injection

Published: 11/21/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-5526

Description

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Affected packages (3)

Debian/libcgi-pm-perlfrom 0, < 3.61-2
Debian/libcgi-pm-perlfrom 0, < 3.49-1squeeze2
Debian/perlfrom 0, < 5.14.2-16

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-5526