Novell Home

CVE-2011-2766

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-2766 at MITRE

Description

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 735882

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.3
  • FastCGI-debuginfo >= 2.4.0-144.3.1
  • FastCGI-debugsource >= 2.4.0-144.3.1
  • perl-FastCGI-debuginfo >= 2.4.0-144.3.1
openSUSE 11.3
  • FastCGI >= 2.4.0-144.3.1
  • FastCGI-devel >= 2.4.0-144.3.1
  • perl-FastCGI >= 2.4.0-144.3.1
openSUSE 11.4
  • FastCGI >= 2.4.0-149.150.1
  • FastCGI-devel >= 2.4.0-149.150.1
  • perl-FastCGI >= 2.4.0-149.150.1

© 2014 Novell