CVE-2011-2766
fast_cgi 0.70-0.73 - Authentication Bypass via HTTP Header Injection
Title source: llmDescription
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
References (11)
Core 11
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/08/2
Exploit, Issue Tracking, Mailing List, Third Party Advisory x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/08/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69709
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=736604
Broken Link vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/13155253
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://rt.cpan.org/Public/Bug/Display.html?id=68380
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49549
Broken Link vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/13154637
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2327
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:001
Scores
EPSS
0.0724
EPSS Percentile
93.5%
Details
CWE
CWE-287
Status
published
Products (4)
debian/debian_linux
5.0
debian/debian_linux
6.0
debian/debian_linux
7.0
fast_cgi_project/fast_cgi
0.70 - 0.73
Published
Sep 23, 2011
Tracked Since
Feb 18, 2026