PT-2011-1610 · Mozilla · Bugzilla

Frédéric Buclin

Published

2011-01-28

Updated

2017-08-17

CVE-2010-4572

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-4572

DSA-2322-1

Affected Products

Bugzilla

PT-2011-1610 · Mozilla · Bugzilla

CVE-2010-4572

Weakness Enumeration

Related Identifiers

Affected Products

References · 14