Vulnerability details: VCID-rv7b-ubht-aaac
Vulnerability ID VCID-rv7b-ubht-aaac
Aliases CVE-2012-5526
Summary CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5526.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0685
epss 0.00787 https://api.first.org/data/v1/epss?cve=CVE-2012-5526
epss 0.0172 https://api.first.org/data/v1/epss?cve=CVE-2012-5526
epss 0.0401 https://api.first.org/data/v1/epss?cve=CVE-2012-5526
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=877015
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-5526
generic_textual Low https://ubuntu.com/security/notices/USN-1643-1
generic_textual Low http://www.openwall.com/lists/oss-security/2012/11/15/4
Reference id Reference type URL
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5526.html
http://rhn.redhat.com/errata/RHSA-2013-0685.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5526.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://secunia.com/advisories/51457
http://secunia.com/advisories/55314
https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
https://github.com/markstos/CGI.pm/pull/23
https://ubuntu.com/security/notices/USN-1643-1
http://www.debian.org/security/2012/dsa-2586
http://www.openwall.com/lists/oss-security/2012/11/15/4
http://www.openwall.com/lists/oss-security/2012/11/15/6
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/56562
http://www.securitytracker.com/id?1027780
http://www.ubuntu.com/usn/USN-1643-1
693420 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693420
877015 https://bugzilla.redhat.com/show_bug.cgi?id=877015
cpe:2.3:a:andy_armstrong:cgi.pm:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:andy_armstrong:cgi.pm:*:*:*:*:*:*:*:*
CVE-2012-5526 https://nvd.nist.gov/vuln/detail/CVE-2012-5526
RHSA-2013:0685 https://access.redhat.com/errata/RHSA-2013:0685
USN-1643-1 https://usn.ubuntu.com/1643-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5526
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81908
EPSS Score 0.00787
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.