CGI::Simple HTTP Response Splitting Vulnerability Allowing Header Injection and Cross-Site Scripting

A HTTP response splitting vulnerability has been identified in CGI::Simple versions prior to 1.282 for Perl. This flaw allows for HTTP response header injection, which could be exploited for reflected cross-site scripting (XSS) or open redirect attacks under certain conditions. The vulnerability arises because the application fails to properly validate user input in query parameters, allowing attackers to inject newline characters. This injection can be used to manipulate the HTTP response by adding arbitrary headers or even an HTML/JavaScript body, which is then reflected back to the user.

Impact

Exploitation of this vulnerability allows for HTTP response splitting, which can be used to inject malicious content into the response headers or body. This could lead to reflected cross-site scripting (XSS), open redirect vulnerabilities, cache poisoning, or other header manipulation attacks.

Reproduction

To reproduce this vulnerability, send a request to a server running CGI::Simple prior to version 1.282. Include a query parameter that is not properly validated and that contains URL-encoded newline characters. The server will respond by splitting the HTTP response and injecting the crafted headers or body, which can be observed in the response.

Remediation

Users can upgrade to CGI::Simple version 1.282 or later, where this vulnerability has been addressed.