VDB
DEBIAN-CVE-2010-2761
DEBIAN-CVE-2010-2761
PUBLISHED
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | perl | 0, 0, 0 |
| Debian:11 | libcgi-simple-perl | 0, 0, 0 |
| Debian:14 | libcgi-simple-perl | 0, 0, 0 |
| Debian:11 | libcgi-pm-perl | 0, 0, 0 |
| Debian:12 | libcgi-simple-perl | 0, 0, 0 |
| Debian:14 | libcgi-pm-perl | 0, 0, 0 |
| Debian:13 | libcgi-pm-perl | 0, 0, 0 |
| Debian:13 | perl | 0, 0, 0 |
| Debian:12 | libcgi-pm-perl | 0, 0, 0 |
| Debian:12 | perl | 0, 0, 0 |
| Debian:13 | libcgi-simple-perl | 0, 0, 0 |
| Debian:11 | perl | 0, 0, 0 |
Timeline
- Dec 6, 2010 CVE Published
- Apr 28, 2026 CVE Updated