Mandriva Linux Security Advisory : fcgi (MDVSA-2012:001)
High Nessus Plugin ID 57428
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
A vulnerability has been found and corrected in fcgi:
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers (CVE-2011-2766).
The updated packages have been patched to correct this issue.
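An added illustration, not code from FCGI or from the advisory: a Python model of a persistent worker, showing how variables carried over from an earlier request can satisfy an authentication check in a later one, next to the per-request reset that prevents it. The worker classes, `authorize`, `leaked_keys`, the `REMOTE_USER` check and the sample requests are all assumptions constructed for this example; it models only the state carry-over the description names.

```python
# Model of a long-lived worker process that serves many requests.
# Constructed illustration; this is not FCGI.pm's code.


def authorize(env):
    # Hypothetical application check: trusts a variable that is expected
    # to be present only when the current request was authenticated.
    user = env.get("REMOTE_USER")
    return f"200 {user}" if user else "401"


class StaleEnvWorker:
    """Flawed pattern: request variables are merged into a dict that
    lives as long as the process, so old keys are never removed."""

    def __init__(self):
        self.env = {}

    def handle(self, request_env):
        self.env.update(request_env)
        return authorize(self.env)


class FreshEnvWorker:
    """Corrected pattern: every request starts from an empty environment."""

    def handle(self, request_env):
        env = dict(request_env)  # nothing survives from earlier requests
        return authorize(env)


def leaked_keys(worker_env, request_env):
    """Regression check: names the handler can see that the current
    request did not supply."""
    return sorted(set(worker_env) - set(request_env))


# Constructed sample requests, served back to back by one worker.
AUTHENTICATED = {"REQUEST_URI": "/admin", "REMOTE_USER": "alice"}
ANONYMOUS = {"REQUEST_URI": "/admin"}


def run(worker):
    return [worker.handle(AUTHENTICATED), worker.handle(ANONYMOUS)]
```

A check in the style of `leaked_keys`, run after two consecutive requests against a persistent handler, gives a regression test for this class of bug that does not depend on the package version string.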
Solution
Update the affected perl-FCGI package.