|
Description
|
|
A vulnerability has been identified in Mandriva, which could allow attackers to gain knowledge of sensitive information. This issue is caused by an error in the "multipart_init()" function in the "CGI.pm" and "Simple.pm" files within CGI::Simple, which could be exploited to conduct HTTP response splitting attacks and cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Mandriva Corporate 4.0Mandriva Enterprise Server 5.0
|
|
|
|
|
|
Solution
|
|
Upgrade the affected packages :Corporate 4.0:b2e5ffba685cf732133e42fe1b82791d corporate/4.0/i586/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpme37ee0869e2fd9f4e875354edca20c6f corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpmCorporate 4.0/X86_64:5231722e821a5478827e17293dd0836b corporate/4.0/x86_64/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpme37ee0869e2fd9f4e875354edca20c6f corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpmMandriva Enterprise Server 5:04f4b7381ba21a1ba14845a06b680fb1 mes5/i586/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm15d6dc30e4dbf78a7371c1715386f552 mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpmMandriva Enterprise Server 5/X86_64:bf81ab1b1798bb141b74c6f8e6d59630 mes5/x86_64/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm15d6dc30e4dbf78a7371c1715386f552 mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm
|
|
|
|
|
|
CVE
|
|
CVE-2010-4411
CVE-2010-2761
|
|
|
|
|
|
References
|
|
http://lists.mandriva.com/security-announce/2010-12/msg00009.php
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
