CVE-2012-5526

Name of the Vulnerable Software and Affected Versions libcgi-pm-perl versions prior to 3.63

Description The issue concerns the CGI.pm module for Perl, which does not properly escape newlines in (1) Set-Cookie or (2) P3P headers. This could allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm, potentially leading to a breach of protected information. The exploitation of these vulnerabilities can be done remotely.

Recommendations For versions prior to 3.63, update to version 3.63 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CGI.pm module until a patch is available. Avoid using the CGI.pm module in applications that require secure handling of Set-Cookie or P3P headers until the issue is resolved.