|
Description
|
|
A vulnerability has been identified in Mandriva, which could allow attackers to gain knowledge of sensitive information. This issue is caused by an error in the header function in the "CGI.pm" and "Simple.pm" files within CGI::Simple, which could be exploited to conduct HTTP response splitting attacks and cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Mandriva Corporate 4.0Mandriva Enterprise Server 5.0
|
|
|
|
|
|
Solution
|
|
Upgrade the affected packages :Corporate 4.0:575a970c9dc85982b88b3610f881aeea corporate/4.0/i586/perl-CGI-Simple-0.077-1.2.20060mlcs4.noarch.rpm4cf16af44ac7aeaee3e950f8029ae1ef corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.2.20060mlcs4.src.rpmCorporate 4.0/X86_64:28c8101be550456f2406b9d1ccb81284 corporate/4.0/x86_64/perl-CGI-Simple-0.077-1.2.20060mlcs4.noarch.rpm4cf16af44ac7aeaee3e950f8029ae1ef corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.2.20060mlcs4.src.rpmMandriva Enterprise Server 5:9f8ac88c6490d5e3c37abb221b88deb0 mes5/i586/perl-CGI-Simple-1.1-4.2mdvmes5.1.noarch.rpmd64f4d1322a327ac2f5a9bdde280525a mes5/SRPMS/perl-CGI-Simple-1.1-4.2mdvmes5.1.src.rpmMandriva Enterprise Server 5/X86_64:1c1dcd1d837926671b4a79a9e9147c2c mes5/x86_64/perl-CGI-Simple-1.1-4.2mdvmes5.1.noarch.rpmd64f4d1322a327ac2f5a9bdde280525a mes5/SRPMS/perl-CGI-Simple-1.1-4.2mdvmes5.1.src.rpm
|
|
|
|
|
|
CVE
|
|
CVE-2010-4410
|
|
|
|
|
|
References
|
|
http://lists.mandriva.com/security-announce/2010-12/msg00012.php
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
