CGI 3.02 Deleted
Security Advisories
CVE-2012-5526
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
- http://www.securityfocus.com/bid/56562
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- https://github.com/markstos/CGI.pm/pull/23
- http://www.securitytracker.com/id?1027780
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://secunia.com/advisories/51457
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.debian.org/security/2012/dsa-2586
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/55314
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
Fixed version: >=3.63
Reported: 2012-11-21
CVE-2011-2766
Usage of deprecated FCGI.pm API.
- https://rt.cpan.org/Public/Bug/Display.html?id=68380
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766
Fixed version: >=3.56
Reported: 2011-11-08
Non-random MIME boundary.
Fixed version: >=3.50
Reported: 2010-11-08
Newlines in headers.
Fixed version: >=3.49
Reported: 2010-02-05
CVE-2010-4411
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
- http://openwall.com/lists/oss-security/2010/12/01/3
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
- http://www.vupen.com/english/advisories/2011/0106
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.vupen.com/english/advisories/2011/0271
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Fixed version: >=3.50
Reported: 2010-12-06
CVE-2010-2761
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
- https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
- http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
- http://openwall.com/lists/oss-security/2010/12/01/1
- http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
- http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
- http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
- http://openwall.com/lists/oss-security/2010/12/01/2
- http://openwall.com/lists/oss-security/2010/12/01/3
- https://bugzilla.mozilla.org/show_bug.cgi?id=600464
- http://osvdb.org/69588
- http://osvdb.org/69589
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
- http://www.vupen.com/english/advisories/2011/0076
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
- http://secunia.com/advisories/42877
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
- http://secunia.com/advisories/43147
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
- http://www.vupen.com/english/advisories/2011/0249
- http://www.vupen.com/english/advisories/2011/0271
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://secunia.com/advisories/43068
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Fixed version: >=3.50
Reported: 2010-12-06
Kwalitee Issues
- has_meta_yml
Add a META.yml to the distribution. Your buildtool should be able to autogenerate it.
- has_changelog
Add a Changelog (best named 'Changes') to the distribution. It should list at least major changes implemented in newer versions.
- has_human_readable_license
Add a section called "LICENSE" to the documentation, or add a file named LICENSE to the distribution.
- has_license_in_source_file
Add =head1 LICENSE and the text of the license to the main module in your code.
- use_strict
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: CGI, CGI::Fast, CGI::Object, CGI::Object::CGIlib, CGI::Object::Html, CGI::Object::Misc, CGI::Object::Misc::append, CGI::Object::Misc::delete, CGI::Object::Misc::delete_all, CGI::Object::Misc::dump, CGI::Object::Misc::import_names, CGI::Object::Misc::keywords, CGI::Object::Misc::param_fetch, CGI::Object::Misc::parse_keywordlist, CGI::Object::Misc::print, CGI::Object::Misc::raw_cookie, CGI::Object::Misc::raw_fetch, CGI::Object::Misc::read_from_cmdline, CGI::Object::Misc::restore, CGI::Object::Misc::save, CGI::Object::Misc::to_filehandle, CGI::Object::Misc::url_param, CGI::Object::Misc::use_named_parameters, CGI::Object::Multipart, CGI::Object::Request, CGI::Object::Response, CGI::Object::SelfLoader, CGI::Object::State, CGI::Push, autoload
- prereq_matches_use
List all used modules in META.yml requires
Error:
- FCGI
- no_pod_errors
Remove the POD errors. You can check for POD errors automatically by including Test::Pod in your test suite.
Error: CGI.pm-3.02/CGI.pm -- Around line 1267: Expected text after =item, not a number Around line 1271: Expected text after =item, not a number Around line 1275: Expected text after =item, not a number Around line 1702: Expected text after =item, not a number Around line 1706: Expected text after =item, not a number Around line 1711: Expected text after =item, not a number Around line 1716: Expected text after =item, not a number Around line 1812: Expected text after =item, not a number Around line 1816: Expected text after =item, not a number Around line 1827: Expected text after =item, not a number Around line 1832: Expected text after =item, not a number Around line 1984: Expected text after =item, not a number Around line 1990: Expected text after =item, not a number Around line 1999: Expected text after =item, not a number Around line 2003: Expected text after =item, not a number Around line 2009: Expected text after =item, not a number Around line 2054: Expected text after =item, not a number Around line 2062: Expected text after =item, not a number Around line 2069: Expected text after =item, not a number Around line 2075: Expected text after =item, not a number Around line 2082: Expected text after =item, not a number Around line 2137: Expected text after =item, not a number Around line 2143: Expected text after =item, not a number Around line 2148: Expected text after =item, not a number Around line 2154: Expected text after =item, not a number Around line 2196: Expected text after =item, not a number Around line 2200: Expected text after =item, not a number Around line 2208: Expected text after =item, not a number Around line 2215: Expected text after =item, not a number Around line 2220: Expected text after =item, not a number Around line 2227: Expected text after =item, not a number Around line 2275: Expected text after =item, not a number Around line 2283: Expected text after =item, not a number Around line 2334: Expected text after =item, not a number Around line 2339: Expected text after =item, not a number Around line 2380: Expected text after =item, not a number Around line 2385: Expected text after =item, not a number
- has_meta_json
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- proper_libs
Move your *.pm files into a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned; or use the 'no_index' map to exclude parts of the distribution.
Error: CGI.pm, CGI/Fast.pm, CGI/Object.pm, CGI/Object/CGIlib.pm, CGI/Object/Cookie.pm, CGI/Object/Html.pm, CGI/Object/Misc.pm, CGI/Object/Misc/append.pm, CGI/Object/Misc/compile.pm, CGI/Object/Misc/delete.pm, CGI/Object/Misc/delete_all.pm, CGI/Object/Misc/dump.pm, CGI/Object/Misc/import_names.pm, CGI/Object/Misc/keywords.pm, CGI/Object/Misc/param_fetch.pm, CGI/Object/Misc/parse_keywordlist.pm, CGI/Object/Misc/print.pm, CGI/Object/Misc/raw_cookie.pm, CGI/Object/Misc/raw_fetch.pm, CGI/Object/Misc/read_from_cmdline.pm, CGI/Object/Misc/restore.pm, CGI/Object/Misc/save.pm, CGI/Object/Misc/to_filehandle.pm, CGI/Object/Misc/url_param.pm, CGI/Object/Misc/use_named_parameters.pm, CGI/Object/Multipart.pm, CGI/Object/Request.pm, CGI/Object/Response.pm, CGI/Object/SelfLoader.pm, CGI/Object/State.pm, CGI/Pretty.pm, CGI/Push.pm, autoload.pm
- meta_yml_has_license
If you are using Build.PL, define the license in it. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- has_known_license_in_source_file
Add =head1 LICENSE and/or the proper text of the well-known license to the main module in your code.
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: CGI, CGI::Fast, CGI::Object, CGI::Object::CGIlib, CGI::Object::Cookie, CGI::Object::Html, CGI::Object::Misc, CGI::Object::Misc::append, CGI::Object::Misc::compile, CGI::Object::Misc::delete, CGI::Object::Misc::delete_all, CGI::Object::Misc::dump, CGI::Object::Misc::import_names, CGI::Object::Misc::keywords, CGI::Object::Misc::param_fetch, CGI::Object::Misc::parse_keywordlist, CGI::Object::Misc::print, CGI::Object::Misc::raw_cookie, CGI::Object::Misc::raw_fetch, CGI::Object::Misc::read_from_cmdline, CGI::Object::Misc::restore, CGI::Object::Misc::save, CGI::Object::Misc::to_filehandle, CGI::Object::Misc::url_param, CGI::Object::Misc::use_named_parameters, CGI::Object::Multipart, CGI::Object::Request, CGI::Object::Response, CGI::Object::SelfLoader, CGI::Object::State, CGI::Pretty, CGI::Push, autoload
- no_unauthorized_packages
Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
Error:
- autoload
- consistent_version
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.1,1.00,1.01,1.02,1.04,3.02
- has_separate_license_file
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
CGI | Simple Common Gateway Interface Class | 3.02 | metacpan |
CGI::Fast | CGI Interface for Fast CGI | 1.02 | metacpan |
CGI::Object | | | metacpan |
CGI::Object::CGIlib | | | metacpan |
CGI::Object::Cookie | | | metacpan |
CGI::Object::Html | | | metacpan |
CGI::Object::Misc | | | metacpan |
CGI::Object::Multipart | | | metacpan |
CGI::Object::Request | | | metacpan |
CGI::Object::Response | | | metacpan |
CGI::Object::SelfLoader | | | metacpan |
CGI::Object::State | | 0.1 | metacpan |
CGI::Pretty | module to produce nicely formatted HTML code | 1.04 | metacpan |
CGI::Push | Simple Interface to Server Push | 1.01 | metacpan |
autoload | only load modules when they're used | 1.00 | metacpan |