PT-2011-1025 · Perl · Fcgi

Jan Lieskovsky · Published 2011-09-23 · Updated 2024-06-15 · CVE-2011-2766

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

FCGI module versions 0.70 through 0.73

Description

The issue concerns the FCGI module for Perl, which allows remote attackers to bypass authentication via crafted HTTP headers. This is due to the module using environment variable values from one request during the processing of a later request. The exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For versions 0.70 through 0.73, consider updating to a version outside of this range to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the CGI::Fast module until a patch is available. Avoid using crafted HTTP headers in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2015-02004
CVE-2011-2766
DSA-2327-1
OPENSUSE-SU-2024:10387-1

Affected Products

Fcgi