CGI 3.14 Deleted
Security Advisories
CVE-2012-5526
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
- http://www.securityfocus.com/bid/56562
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- https://github.com/markstos/CGI.pm/pull/23
- http://www.securitytracker.com/id?1027780
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://secunia.com/advisories/51457
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.debian.org/security/2012/dsa-2586
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/55314
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
Fixed version: >=3.63
Reported: 2012-11-21
CVE-2011-2766
Usage of deprecated FCGI.pm API.
- https://rt.cpan.org/Public/Bug/Display.html?id=68380
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766
Fixed version: >=3.56
Reported: 2011-11-08
Non-random MIME boundary.
Fixed version: >=3.50
Reported: 2010-11-08
Newlines in headers.
Fixed version: >=3.49
Reported: 2010-02-05
CVE-2010-4411
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
- http://openwall.com/lists/oss-security/2010/12/01/3
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
- http://www.vupen.com/english/advisories/2011/0106
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.vupen.com/english/advisories/2011/0271
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Fixed version: >=3.50
Reported: 2010-12-06
CVE-2010-2761
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
- https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
- http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
- http://openwall.com/lists/oss-security/2010/12/01/1
- http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
- http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
- http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
- http://openwall.com/lists/oss-security/2010/12/01/2
- http://openwall.com/lists/oss-security/2010/12/01/3
- https://bugzilla.mozilla.org/show_bug.cgi?id=600464
- http://osvdb.org/69588
- http://osvdb.org/69589
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
- http://www.vupen.com/english/advisories/2011/0076
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
- http://secunia.com/advisories/42877
- https://bugzilla.mozilla.org/show_bug.cgi?id=591165
- http://www.vupen.com/english/advisories/2011/0207
- http://www.bugzilla.org/security/3.2.9/
- http://secunia.com/advisories/43033
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
- http://secunia.com/advisories/43147
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
- http://www.vupen.com/english/advisories/2011/0249
- http://www.vupen.com/english/advisories/2011/0271
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43165
- http://secunia.com/advisories/43068
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Fixed version: >=3.50
Reported: 2010-12-06
Kwalitee Issues
- distname_matches_name_in_meta
Use a proper tool to make a distribution. You might also need to fix META files if you keep them in the repository.
Error: CGI.pm
- has_human_readable_license
Add a section called "LICENSE" to the documentation, or add a file named LICENSE to the distribution.
- has_license_in_source_file
Add =head1 LICENSE and the text of the license to the main module in your code.
- use_strict
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: CGI, CGI::Apache, CGI::Carp, CGI::Cookie, CGI::Fast, CGI::Push, CGI::Switch
- no_pod_errors
Remove the POD errors. You can check for POD errors automatically by including Test::Pod in your test suite.
Error: CGI.pm-3.14/CGI.pm -- "Expected text after =item, not a number" around lines 5120, 5124, 5128, 5682, 5686, 5691, 5696, 5765, 5769, 5780, 5785, 6080, 6086, 6095, 6099, 6105, 6111, 6155, 6163, 6170, 6244, 6250, 6255, 6261, 6301, 6305, 6313, 6320, 6325, 6398, 6404, 6410, 6459, 6464, 6502, 6507
- meta_yml_declares_perl_version
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_license
Define the license if you are using Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- has_known_license_in_source_file
Add =head1 LICENSE and/or the proper text of the well-known license to the main module in your code.
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: CGI, CGI::Apache, CGI::Carp, CGI::Cookie, CGI::Fast, CGI::Pretty, CGI::Push, CGI::Switch, CGI::Util
- consistent_version
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 1.04,1.05,1.08,1.26,1.29,1.5,3.14
- meta_yml_has_provides
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
CGI | Simple Common Gateway Interface Class | 3.14 | metacpan |
CGI::Carp | CGI routines for writing to the HTTPD (or other) error log | 1.29 | metacpan |
CGI::Cookie | Interface to Netscape Cookies | 1.26 | metacpan |
CGI::Fast | CGI Interface for Fast CGI | 1.05 | metacpan |
CGI::Pretty | module to produce nicely formatted HTML code | 1.08 | metacpan |
CGI::Push | Simple Interface to Server Push | 1.04 | metacpan |
CGI::Util | Internal utilities used by CGI module | 1.5 | metacpan |