{"id":"CVE-2011-2766","details":"The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.","modified":"2026-01-27T04:10:54.762740Z","published":"2011-09-23T10:55:03Z","withdrawn":"2026-01-27T04:10:54.762740Z","related":["openSUSE-SU-2024:10387-1"],"references":[{"type":"REPORT","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479"},{"type":"ADVISORY","url":"http://www.debian.org/security/2011/dsa-2327"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:001"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2011/09/08/1"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2011/09/08/2"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/49549"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=736604"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/69709"},{"type":"FIX","url":"https://rt.cpan.org/Public/Bug/Display.html?id=68380"},{"type":"WEB","url":"https://hermes.opensuse.org/messages/13154637"},{"type":"WEB","url":"https://hermes.opensuse.org/messages/13155253"}],"schema_version":"1.7.3"}