CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
mozillabugzilla
𝑥
≤ 3.2.8
mozillabugzilla
2.0
mozillabugzilla
2.2
mozillabugzilla
2.4
mozillabugzilla
2.6
mozillabugzilla
2.8
mozillabugzilla
2.9
mozillabugzilla
2.10
mozillabugzilla
2.12
mozillabugzilla
2.14
mozillabugzilla
2.14.1
mozillabugzilla
2.14.2
mozillabugzilla
2.14.3
mozillabugzilla
2.14.4
mozillabugzilla
2.14.5
mozillabugzilla
2.16
mozillabugzilla
2.16:rc1
mozillabugzilla
2.16:rc2
mozillabugzilla
2.16.1
mozillabugzilla
2.16.2
mozillabugzilla
2.16.3
mozillabugzilla
2.16.4
mozillabugzilla
2.16.5
mozillabugzilla
2.16.6
mozillabugzilla
2.16.7
mozillabugzilla
2.16.8
mozillabugzilla
2.16.9
mozillabugzilla
2.16.10
mozillabugzilla
2.16.11
mozillabugzilla
2.16_rc2:_rc2
mozillabugzilla
2.17
mozillabugzilla
2.17.1
mozillabugzilla
2.17.2
mozillabugzilla
2.17.3
mozillabugzilla
2.17.4
mozillabugzilla
2.17.5
mozillabugzilla
2.17.6
mozillabugzilla
2.17.7
mozillabugzilla
2.18
mozillabugzilla
2.18:rc1
mozillabugzilla
2.18:rc2
mozillabugzilla
2.18:rc3
mozillabugzilla
2.18.1
mozillabugzilla
2.18.2
mozillabugzilla
2.18.3
mozillabugzilla
2.18.4
mozillabugzilla
2.18.5
mozillabugzilla
2.18.6
mozillabugzilla
2.18.6\+
mozillabugzilla
2.18.7
mozillabugzilla
2.18.8
mozillabugzilla
2.18.9
mozillabugzilla
2.19
mozillabugzilla
2.19.1
mozillabugzilla
2.19.2
mozillabugzilla
2.19.3
mozillabugzilla
2.20
mozillabugzilla
2.20:rc1
mozillabugzilla
2.20:rc2
mozillabugzilla
2.20.1
mozillabugzilla
2.20.2
mozillabugzilla
2.20.3
mozillabugzilla
2.20.4
mozillabugzilla
2.20.5
mozillabugzilla
2.20.6
mozillabugzilla
2.20.7
mozillabugzilla
2.21
mozillabugzilla
2.21.1
mozillabugzilla
2.21.2
mozillabugzilla
2.22
mozillabugzilla
2.22:rc1
mozillabugzilla
2.22.1
mozillabugzilla
2.22.2
mozillabugzilla
2.22.3
mozillabugzilla
2.22.4
mozillabugzilla
2.22.5
mozillabugzilla
2.22.6
mozillabugzilla
2.22.7
mozillabugzilla
2.23
mozillabugzilla
2.23.1
mozillabugzilla
2.23.2
mozillabugzilla
2.23.3
mozillabugzilla
2.23.4
mozillabugzilla
3.2
mozillabugzilla
3.2:rc1
mozillabugzilla
3.2:rc2
mozillabugzilla
3.2.1
mozillabugzilla
3.2.2
mozillabugzilla
3.2.3
mozillabugzilla
3.2.4
mozillabugzilla
3.2.5
mozillabugzilla
3.2.6
mozillabugzilla
3.2.7
mozillabugzilla
3.4.1
mozillabugzilla
3.4.2
mozillabugzilla
3.4.3
mozillabugzilla
3.4.4
mozillabugzilla
3.4.5
mozillabugzilla
3.4.6
mozillabugzilla
3.4.7
mozillabugzilla
3.4.8
mozillabugzilla
3.6.0
mozillabugzilla
3.6.1
mozillabugzilla
3.6.2
mozillabugzilla
4.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
ignored
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
http://secunia.com/advisories/42271
http://www.bugzilla.org/security/3.2.8/
http://www.securitytracker.com/id?1024683
http://www.vupen.com/english/advisories/2010/2878
http://www.vupen.com/english/advisories/2010/2975
https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
http://secunia.com/advisories/42271
http://www.bugzilla.org/security/3.2.8/
http://www.securitytracker.com/id?1024683
http://www.vupen.com/english/advisories/2010/2878
http://www.vupen.com/english/advisories/2010/2975
https://bugzilla.mozilla.org/show_bug.cgi?id=600464