CVE-2012-5526
libcgi-pm-perl - HTTP header injection
EPSS 1.7%
Description
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
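The bug class described above, shown as an added example; this is not CGI.pm's code or the patch shipped in the fixed packages. The helper names `unchecked_header_line` and `safe_header_line` and the sample values are assumptions made for illustration. It contrasts a header emitter that passes CR/LF through with one that refuses them for Set-Cookie and P3P values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unchecked form (hypothetical helper): the value is copied into the
# response verbatim, so an embedded CRLF ends the header early and
# starts a new one.
sub unchecked_header_line {
    my ($name, $value) = @_;
    return "$name: $value\r\n";
}

# Hardened form (hypothetical helper, stricter than HTTP requires):
# reject any CR or LF in the value instead of trying to repair it.
sub safe_header_line {
    my ($name, $value) = @_;
    die "invalid header name\n" unless $name =~ /\A[A-Za-z0-9-]+\z/;
    die "CR/LF in $name header value\n" if $value =~ /[\r\n]/;
    return "$name: $value\r\n";
}

# Constructed sample input: a cookie string carrying an embedded CRLF.
my $tainted = "session=abc\r\nX-Injected: 1";

# Count how many header lines the unchecked emitter produces from one value.
my @lines = grep { length } split /\r\n/, unchecked_header_line('Set-Cookie', $tainted);
printf "unchecked emitter produced %d header line(s)\n", scalar @lines;

# Constructed test cases: one tainted value, two well-formed ones.
my @cases = (
    [ 'Set-Cookie', $tainted ],
    [ 'Set-Cookie', 'session=abc; HttpOnly' ],
    [ 'P3P',        'policyref="/w3c/p3p.xml"' ],
);

for my $case (@cases) {
    my ($name, $value) = @$case;
    my $line = eval { safe_header_line($name, $value) };
    if (defined $line) {
        print "accepted: $line";
    } else {
        print "rejected: $@";
    }
}
```

A guard like this belongs at the point where application data becomes a header value; it complements the package upgrade rather than replacing it.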
How to fix CVE-2012-5526
To remediate CVE-2012-5526, upgrade the affected package to a fixed version below.
- Debian/libcgi-pm-perl—upgrade to 3.61-2 or later
- Debian/libcgi-pm-perl—upgrade to 3.49-1squeeze2 or later
- Debian/perl—upgrade to 5.14.2-16 or later
Is CVE-2012-5526 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/libcgi-pm-perl: from 0, < 3.61-2
- Debian/libcgi-pm-perl: from 0, < 3.49-1squeeze2
- Debian/perl: from 0, < 5.14.2-16