NVD Vulnerability Detail

CVE-2010-2761

Summary	The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
Publication Date	Dec. 7, 2010, 5:12 a.m.
Registration Date	Jan. 29, 2021, 11:03 a.m.
Last Update	Nov. 21, 2024, 10:17 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:andy_armstrong:cgi.pm::::::::		3.49
cpe:2.3:a:andy_armstrong:cgi.pm:1.4:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.50:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.51:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.52:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.53:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.54:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.55:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.56:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.57:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.0:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.01:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.13:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.14:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.15:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.16:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.17:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.18:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.19:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.20:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.21:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.22:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.23:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.24:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.25:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.26:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.27:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.28:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.29:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.30:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.31:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.32:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.33:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.34:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.35:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.36:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.37:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.38:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.39:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.40:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.41:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.46:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.47:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.48:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.49:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.50:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.51:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.52:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.53:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.54:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.55:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.56:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.57:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.58:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.59:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.60:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.61:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.62:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.63:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.64:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.65:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.66:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.67:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.68:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.69:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.70:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.71:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.72:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.73:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.74:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.75:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.76:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.77:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.78:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.79:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.80:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.81:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.82:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.83:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.84:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.85:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.86:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.87:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.88:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.89:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.90:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.91:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.92:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.93:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.94:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.95:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.96:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.97:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.98:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.99:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.751:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.752:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.00:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.01:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.02:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.03:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.04:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.05:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.06:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.07:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.08:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.09:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.10:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.11:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.12:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.13:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.14:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.15:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.16:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.17:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.18:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.19:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.20:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.21:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.22:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.23:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.24:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.25:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.26:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.27:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.28:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.29:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.30:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.31:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.32:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.33:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.34:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.35:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.36:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.37:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.38:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.39:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.40:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.41:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.46:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.47:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.48:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple::::::::		1.112
cpe:2.3:a:andy_armstrong:cgi-simple:0.078:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.079:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.080:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.081:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.082:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.83:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.0:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.103:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.104:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.105:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.106:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.107:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.108:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.109:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.110:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.111:::::::*

Related information, measures and tools

No	URL	タグ
1	http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
2	http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
4	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
5	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
6	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
7	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
8	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
9	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
10	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
11	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
12	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
13	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
14	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
15	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
16	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
17	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
18	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
19	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
20	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
21	http://openwall.com/lists/oss-security/2010/12/01/1	Patch
22	http://openwall.com/lists/oss-security/2010/12/01/1	Patch
23	http://openwall.com/lists/oss-security/2010/12/01/2
24	http://openwall.com/lists/oss-security/2010/12/01/2
25	http://openwall.com/lists/oss-security/2010/12/01/3	Patch
26	http://openwall.com/lists/oss-security/2010/12/01/3	Patch
27	http://osvdb.org/69588
28	http://osvdb.org/69588
29	http://osvdb.org/69589
30	http://osvdb.org/69589
31	http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm	Patch
32	http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm	Patch
33	http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1	Patch
34	http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1	Patch
35	http://secunia.com/advisories/42877
36	http://secunia.com/advisories/42877
37	http://secunia.com/advisories/43033
38	http://secunia.com/advisories/43033
39	http://secunia.com/advisories/43068
40	http://secunia.com/advisories/43068
41	http://secunia.com/advisories/43147
42	http://secunia.com/advisories/43147
43	http://secunia.com/advisories/43165
44	http://secunia.com/advisories/43165
45	http://www.bugzilla.org/security/3.2.9/
46	http://www.bugzilla.org/security/3.2.9/
47	http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
48	http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
49	http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
50	http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
51	http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html	Patch
52	http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html	Patch
53	http://www.redhat.com/support/errata/RHSA-2011-1797.html
54	http://www.redhat.com/support/errata/RHSA-2011-1797.html
55	http://www.vupen.com/english/advisories/2011/0076
56	http://www.vupen.com/english/advisories/2011/0076
57	http://www.vupen.com/english/advisories/2011/0207
58	http://www.vupen.com/english/advisories/2011/0207
59	http://www.vupen.com/english/advisories/2011/0212
60	http://www.vupen.com/english/advisories/2011/0212
61	http://www.vupen.com/english/advisories/2011/0249
62	http://www.vupen.com/english/advisories/2011/0249
63	http://www.vupen.com/english/advisories/2011/0271
64	http://www.vupen.com/english/advisories/2011/0271
65	https://bugzilla.mozilla.org/show_bug.cgi?id=591165
66	https://bugzilla.mozilla.org/show_bug.cgi?id=591165
67	https://bugzilla.mozilla.org/show_bug.cgi?id=600464
68	https://bugzilla.mozilla.org/show_bug.cgi?id=600464
69	https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380	Patch
70	https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html

JVN Vulnerability Information

CGI.pm および CGI::Simple の multipart_init 関数における任意の HTTP ヘッダを挿入される脆弱性

Title	CGI.pm および CGI::Simple の multipart_init 関数における任意の HTTP ヘッダを挿入される脆弱性
Summary	CGI.pm および CGI::Simple の Simple.pm 内にある multipart_init 関数は、multipart/x-mixed-replace コンテンツの MIME 境界文字列のハードコード化された値を使用しているため、任意の HTTP ヘッダを挿入され、HTTP レスポンス分割攻撃を誘発される脆弱性が存在します。本脆弱性は、CVE-2010-3172 とは異なる脆弱性です。
Possible impacts	第三者により、巧妙に細工された入力を介して、任意の HTTP ヘッダを挿入され、HTTP レスポンス分割攻撃を誘発される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 6, 2010, midnight
Registration Date	Feb. 21, 2011, 2:28 p.m.
Last Update	Dec. 17, 2012, 4:21 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

オラクル

Oracle Solaris 10

VMware

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware ESXi

Andy Armstrong

CGI-Simple 1.112 およびそれ以前

CGI.pm 3.50 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2761	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
National Vulnerability Database (NVD)
2	CVE-2010-2761	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2761
SECURITY BLOG
3	CVE-2010-2761 Code Injection Vulnerability in Perl	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_code_injection

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-94	https://jvndb.jvn.jp/ja/cwe/CWE-94.html

ベンダー情報

No	Name	URL
CPAN
1	Top Page	http://www.cpan.org/index.html
cpansearch
2	CGI-Simple-1.113	http://cpansearch.perl.org/src/ANDYA/CGI-Simple-1.113/Changes
3	CGI.pm-3.50	http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
Red Hat Security Advisory
4	RHSA-2011:0558	https://rhn.redhat.com/errata/RHSA-2011-0558.html
SECURITY BLOG
5	CVE_2010_2761_CVE_2010	http://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_cve_2010
VMware Security Advisories
6	VMSA-2012-0013	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0013.html

その他

No	Name	URL
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
1	69588	http://osvdb.org/69588
Secunia Advisory
2	SA42460	http://secunia.com/advisories/42460
3	SA42461	http://secunia.com/advisories/42461
SecurityFocus
4	44892	http://www.securityfocus.com/bid/44892
5	45144	http://www.securityfocus.com/bid/45144
6	45145	http://www.securityfocus.com/bid/45145

Change Log

No	Changed Details	Date of change
0	[2011年02月21日] 掲載 [2011年05月16日] 影響を受けるシステム：オラクル (cve_2010_2761_cve_2010) の情報を追加ベンダ情報：オラクル (cve_2010_2761_cve_2010) を追加 [2011年05月27日] 影響を受けるシステム：レッドハット (RHSA-2011:0558) の情報を更新ベンダ情報：レッドハット (RHSA-2011:0558) を更新 [2012年10月22日] ベンダ情報：オラクル (CVE-2010-2761 Code Injection Vulnerability in Perl) を追加 [2012年12月17日] 影響を受けるシステム：VMware (VMSA-2012-0013) の情報を追加ベンダ情報：VMware (VMSA-2012-0013) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:andy_armstrong:cgi.pm::::::::		3.49
cpe:2.3:a:andy_armstrong:cgi.pm:1.4:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.50:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.51:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.52:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.53:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.54:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.55:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.56:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:1.57:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.0:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.01:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.13:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.14:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.15:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.16:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.17:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.18:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.19:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.20:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.21:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.22:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.23:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.24:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.25:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.26:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.27:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.28:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.29:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.30:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.31:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.32:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.33:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.34:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.35:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.36:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.37:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.38:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.39:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.40:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.41:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.46:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.47:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.48:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.49:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.50:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.51:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.52:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.53:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.54:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.55:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.56:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.57:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.58:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.59:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.60:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.61:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.62:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.63:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.64:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.65:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.66:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.67:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.68:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.69:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.70:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.71:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.72:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.73:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.74:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.75:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.76:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.77:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.78:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.79:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.80:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.81:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.82:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.83:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.84:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.85:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.86:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.87:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.88:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.89:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.90:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.91:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.92:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.93:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.94:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.95:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.96:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.97:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.98:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.99:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.751:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:2.752:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.00:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.01:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.02:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.03:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.04:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.05:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.06:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.07:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.08:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.09:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.10:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.11:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.12:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.13:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.14:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.15:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.16:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.17:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.18:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.19:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.20:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.21:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.22:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.23:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.24:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.25:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.26:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.27:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.28:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.29:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.30:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.31:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.32:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.33:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.34:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.35:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.36:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.37:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.38:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.39:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.40:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.41:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.42:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.43:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.44:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.45:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.46:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.47:::::::*
cpe:2.3:a:andy_armstrong:cgi.pm:3.48:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple::::::::		1.112
cpe:2.3:a:andy_armstrong:cgi-simple:0.078:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.079:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.080:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.081:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.082:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:0.83:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.0:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.103:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.104:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.105:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.106:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.107:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.108:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.109:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.110:::::::*
cpe:2.3:a:andy_armstrong:cgi-simple:1.111:::::::*