CVE-2011-2766
- Source
- https://cve.org/CVERecord?id=CVE-2011-2766
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-2766.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2011-2766
- Downstream
- Related
- Published
- 2011-09-23T10:55:03Z
- Modified
- 2026-04-10T03:41:53.177076Z
- Summary
- [none]
- Details
-
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
- References
-
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479
- http://www.debian.org/security/2011/dsa-2327
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:001
- http://www.openwall.com/lists/oss-security/2011/09/08/1
- http://www.openwall.com/lists/oss-security/2011/09/08/2
- http://www.securityfocus.com/bid/49549
- https://bugzilla.redhat.com/show_bug.cgi?id=736604
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69709
- https://rt.cpan.org/Public/Bug/Display.html?id=68380
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479
- http://www.openwall.com/lists/oss-security/2011/09/08/1
- http://www.openwall.com/lists/oss-security/2011/09/08/2
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479
- https://bugzilla.redhat.com/show_bug.cgi?id=736604
- https://rt.cpan.org/Public/Bug/Display.html?id=68380
- https://rt.cpan.org/Public/Bug/Display.html?id=68380
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479
- https://bugzilla.redhat.com/show_bug.cgi?id=736604
- https://hermes.opensuse.org/messages/13154637
- https://hermes.opensuse.org/messages/13155253