Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2012-5526

Description

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Github

No PoCs found on GitHub currently.