CVE-2010-3172

Name of the Vulnerable Software and Affected Versions Bugzilla versions prior to 3.2.9 Bugzilla versions 3.4.x prior to 3.4.9 Bugzilla versions 3.6.x prior to 3.6.3 Bugzilla versions 4.0.x prior to 4.0rc1

Description The issue allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL, when Server Push is enabled in a web browser.

Recommendations For versions prior to 3.2.9, update to version 3.2.9 or later. For versions 3.4.x prior to 3.4.9, update to version 3.4.9 or later. For versions 3.6.x prior to 3.6.3, update to version 3.6.3 or later. For versions 4.0.x prior to 4.0rc1, update to version 4.0rc1 or later.