CVE-2012-5572

Dancer < 1.3113 - CRLF Injection via Cookie Name

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.

References (6)

Core 6
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108749.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:184
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/26/10
Issue Tracking x_refsource_confirm
https://github.com/PerlDancer/Dancer/issues/859
Various Sources x_refsource_confirm
https://github.com/PerlDancer/Dancer/blob/devel/CHANGES
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2013-0183.html

Scores

EPSS 0.0150
EPSS Percentile 71.2%

Details

CWE
CWE-20
Status published
Products (10)
dancer/dancer 1.150
dancer/dancer 1.3060
dancer/dancer 1.3071
dancer/dancer 1.3079_3
dancer/dancer 1.3079_5
dancer/dancer 1.3110
dancer/dancer 1.3111
dancer/dancer 1.3111_01
dancer/dancer 1.3112
dancer/dancer < 1.3113
Published May 30, 2014
Tracked Since Feb 18, 2026