CVE-2012-5526

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Date published : 2012-11-21

http://www.securityfocus.com/bid/56562

http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes