ID de Prueba:	1.3.6.1.4.1.25623.1.0.68578
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:250 (perl-CGI-Simple)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to perl-CGI-Simple announced via advisory MDVSA-2010:250. A vulnerability was discovered and corrected in perl-CGI-Simple: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172 (CVE-2010-2761). The updated packages have been patched to correct this issue. Affected: Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:250 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3172 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://www.securitytracker.com/id?1024683 http://secunia.com/advisories/42271 http://www.vupen.com/english/advisories/2010/2878 http://www.vupen.com/english/advisories/2010/2975 Common Vulnerability Exposure (CVE) ID: CVE-2010-2761 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:237 http://www.mandriva.com/security/advisories?name=MDVSA-2010:250 https://bugzilla.mozilla.org/show_bug.cgi?id=600464 http://openwall.com/lists/oss-security/2010/12/01/1 http://openwall.com/lists/oss-security/2010/12/01/2 http://openwall.com/lists/oss-security/2010/12/01/3 http://osvdb.org/69588 http://osvdb.org/69589 http://www.redhat.com/support/errata/RHSA-2011-1797.html http://secunia.com/advisories/42877 http://secunia.com/advisories/43033 http://secunia.com/advisories/43068 http://secunia.com/advisories/43147 http://secunia.com/advisories/43165 SuSE Security Announcement: SUSE-SR:2011:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0207 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0249 http://www.vupen.com/english/advisories/2011/0271
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.