CVE-2010-4410

Related Files

VMware Security Advisory 2012-0013

Posted Sep 1, 2012

Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.

tags | advisory, vulnerability

advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2010-2761, CVE-2010-4180, CVE-2010-4252, CVE-2010-4410, CVE-2011-0014, CVE-2011-1020, CVE-2011-1089, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2699, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-3597, CVE-2011-4108, CVE-2011-4109, CVE-2011-4110, CVE-2011-4128, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4576, CVE-2011-4577, CVE-2011-4609

SHA-256 | ab37b6926b046653acdeeef66e7c85ba

Download | Favorite | View

Red Hat Security Advisory 2011-1797-01

Posted Dec 8, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1797-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.

tags | advisory, remote, web, arbitrary, cgi, perl

systems | linux, redhat

advisories | CVE-2010-2761, CVE-2010-4410, CVE-2011-3597

SHA-256 | 4dd2ff62109698b9d1de32696e2c6a19a08749ab01aacf35058867ffd8177aab

Download | Favorite | View

Ubuntu Security Notice USN-1129-1

Posted May 4, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1129-1 - It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. It was discovered that the CGI.pm Perl module incorrectly handled newline characters. It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input.

tags | advisory, cgi, perl

systems | linux, ubuntu

advisories | CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410, CVE-2010-4411, CVE-2011-1487

SHA-256 | d9b1c961a1a1802599f059cb53ed30cf4056e452151be196e148d2b3c967d09f

Download | Favorite | View

Mandriva Linux Security Advisory 2010-252

Posted Dec 15, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-252 - CRLF injection vulnerability in the header function in CGI.pm before 3.50 and Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than and CVE-2010-3172. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, cgi

systems | linux, mandriva

advisories | CVE-2010-4410

SHA-256 | e673d65425078b647a81248fd3a6bcfe33d72b98933037ec1ba2b87ba0135c36

Download | Favorite | View