CVE-2010-4572

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
mozillabugzilla
𝑥
≤ 3.2.9
mozillabugzilla
2.0
mozillabugzilla
2.2
mozillabugzilla
2.4
mozillabugzilla
2.6
mozillabugzilla
2.8
mozillabugzilla
2.9
mozillabugzilla
2.10
mozillabugzilla
2.12
mozillabugzilla
2.14
mozillabugzilla
2.14.1
mozillabugzilla
2.14.2
mozillabugzilla
2.14.3
mozillabugzilla
2.14.4
mozillabugzilla
2.14.5
mozillabugzilla
2.16
mozillabugzilla
2.16:rc1
mozillabugzilla
2.16:rc2
mozillabugzilla
2.16.1
mozillabugzilla
2.16.2
mozillabugzilla
2.16.3
mozillabugzilla
2.16.4
mozillabugzilla
2.16.5
mozillabugzilla
2.16.6
mozillabugzilla
2.16.7
mozillabugzilla
2.16.8
mozillabugzilla
2.16.9
mozillabugzilla
2.16.10
mozillabugzilla
2.16.11
mozillabugzilla
2.16_rc2:_rc2
mozillabugzilla
2.17
mozillabugzilla
2.17.1
mozillabugzilla
2.17.2
mozillabugzilla
2.17.3
mozillabugzilla
2.17.4
mozillabugzilla
2.17.5
mozillabugzilla
2.17.6
mozillabugzilla
2.17.7
mozillabugzilla
2.18
mozillabugzilla
2.18:rc1
mozillabugzilla
2.18:rc2
mozillabugzilla
2.18:rc3
mozillabugzilla
2.18.1
mozillabugzilla
2.18.2
mozillabugzilla
2.18.3
mozillabugzilla
2.18.4
mozillabugzilla
2.18.5
mozillabugzilla
2.18.6
mozillabugzilla
2.18.6\+
mozillabugzilla
2.18.7
mozillabugzilla
2.18.8
mozillabugzilla
2.18.9
mozillabugzilla
2.19
mozillabugzilla
2.19.1
mozillabugzilla
2.19.2
mozillabugzilla
2.19.3
mozillabugzilla
2.20
mozillabugzilla
2.20:rc1
mozillabugzilla
2.20:rc2
mozillabugzilla
2.20.1
mozillabugzilla
2.20.2
mozillabugzilla
2.20.3
mozillabugzilla
2.20.4
mozillabugzilla
2.20.5
mozillabugzilla
2.20.6
mozillabugzilla
2.20.7
mozillabugzilla
2.21
mozillabugzilla
2.21.1
mozillabugzilla
2.21.2
mozillabugzilla
2.22
mozillabugzilla
2.22:rc1
mozillabugzilla
2.22.1
mozillabugzilla
2.22.2
mozillabugzilla
2.22.3
mozillabugzilla
2.22.4
mozillabugzilla
2.22.5
mozillabugzilla
2.22.6
mozillabugzilla
2.22.7
mozillabugzilla
2.23
mozillabugzilla
2.23.1
mozillabugzilla
2.23.2
mozillabugzilla
2.23.3
mozillabugzilla
2.23.4
mozillabugzilla
3.2
mozillabugzilla
3.2:rc1
mozillabugzilla
3.2:rc2
mozillabugzilla
3.2.1
mozillabugzilla
3.2.2
mozillabugzilla
3.2.3
mozillabugzilla
3.2.4
mozillabugzilla
3.2.5
mozillabugzilla
3.2.6
mozillabugzilla
3.2.7
mozillabugzilla
3.2.8
mozillabugzilla
3.4.1
mozillabugzilla
3.4.2
mozillabugzilla
3.4.3
mozillabugzilla
3.4.4
mozillabugzilla
3.4.5
mozillabugzilla
3.4.6
mozillabugzilla
3.4.7
mozillabugzilla
3.4.8
mozillabugzilla
3.4.9
mozillabugzilla
3.6.0
mozillabugzilla
3.6.1
mozillabugzilla
3.6.2
mozillabugzilla
3.6.3
mozillabugzilla
4.0
mozillabugzilla
4.0:rc1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
natty
not-affected
maverick
ignored
lucid
ignored
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70703
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.debian.org/security/2011/dsa-2322
http://www.securityfocus.com/bid/45982
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
https://bugzilla.mozilla.org/show_bug.cgi?id=621572
https://exchange.xforce.ibmcloud.com/vulnerabilities/65440
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70703
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.debian.org/security/2011/dsa-2322
http://www.securityfocus.com/bid/45982
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
https://bugzilla.mozilla.org/show_bug.cgi?id=621572
https://exchange.xforce.ibmcloud.com/vulnerabilities/65440