Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-3172
HistoryNov 05, 2010 - 5:00 p.m.

CVE-2010-3172

2010-11-0517:00:02
CWE-94
[email protected]
web.nvd.nist.gov
34
bugzilla
cve-2010-3172
crlf injection
http response splitting
security vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.

Affected configurations

NVD
Node
mozillabugzillaRange3.2.8
OR
mozillabugzillaMatch2.0
OR
mozillabugzillaMatch2.2
OR
mozillabugzillaMatch2.4
OR
mozillabugzillaMatch2.6
OR
mozillabugzillaMatch2.8
OR
mozillabugzillaMatch2.9
OR
mozillabugzillaMatch2.10
OR
mozillabugzillaMatch2.12
OR
mozillabugzillaMatch2.14
OR
mozillabugzillaMatch2.14.1
OR
mozillabugzillaMatch2.14.2
OR
mozillabugzillaMatch2.14.3
OR
mozillabugzillaMatch2.14.4
OR
mozillabugzillaMatch2.14.5
OR
mozillabugzillaMatch2.16
OR
mozillabugzillaMatch2.16rc1
OR
mozillabugzillaMatch2.16rc2
OR
mozillabugzillaMatch2.16.1
OR
mozillabugzillaMatch2.16.2
OR
mozillabugzillaMatch2.16.3
OR
mozillabugzillaMatch2.16.4
OR
mozillabugzillaMatch2.16.5
OR
mozillabugzillaMatch2.16.6
OR
mozillabugzillaMatch2.16.7
OR
mozillabugzillaMatch2.16.8
OR
mozillabugzillaMatch2.16.9
OR
mozillabugzillaMatch2.16.10
OR
mozillabugzillaMatch2.16.11
OR
mozillabugzillaMatch2.16_rc2
OR
mozillabugzillaMatch2.17
OR
mozillabugzillaMatch2.17.1
OR
mozillabugzillaMatch2.17.2
OR
mozillabugzillaMatch2.17.3
OR
mozillabugzillaMatch2.17.4
OR
mozillabugzillaMatch2.17.5
OR
mozillabugzillaMatch2.17.6
OR
mozillabugzillaMatch2.17.7
OR
mozillabugzillaMatch2.18
OR
mozillabugzillaMatch2.18rc1
OR
mozillabugzillaMatch2.18rc2
OR
mozillabugzillaMatch2.18rc3
OR
mozillabugzillaMatch2.18.1
OR
mozillabugzillaMatch2.18.2
OR
mozillabugzillaMatch2.18.3
OR
mozillabugzillaMatch2.18.4
OR
mozillabugzillaMatch2.18.5
OR
mozillabugzillaMatch2.18.6
OR
mozillabugzillaMatch2.18.6\+
OR
mozillabugzillaMatch2.18.7
OR
mozillabugzillaMatch2.18.8
OR
mozillabugzillaMatch2.18.9
OR
mozillabugzillaMatch2.19
OR
mozillabugzillaMatch2.19.1
OR
mozillabugzillaMatch2.19.2
OR
mozillabugzillaMatch2.19.3
OR
mozillabugzillaMatch2.20
OR
mozillabugzillaMatch2.20rc1
OR
mozillabugzillaMatch2.20rc2
OR
mozillabugzillaMatch2.20.1
OR
mozillabugzillaMatch2.20.2
OR
mozillabugzillaMatch2.20.3
OR
mozillabugzillaMatch2.20.4
OR
mozillabugzillaMatch2.20.5
OR
mozillabugzillaMatch2.20.6
OR
mozillabugzillaMatch2.20.7
OR
mozillabugzillaMatch2.21
OR
mozillabugzillaMatch2.21.1
OR
mozillabugzillaMatch2.21.2
OR
mozillabugzillaMatch2.22
OR
mozillabugzillaMatch2.22rc1
OR
mozillabugzillaMatch2.22.1
OR
mozillabugzillaMatch2.22.2
OR
mozillabugzillaMatch2.22.3
OR
mozillabugzillaMatch2.22.4
OR
mozillabugzillaMatch2.22.5
OR
mozillabugzillaMatch2.22.6
OR
mozillabugzillaMatch2.22.7
OR
mozillabugzillaMatch2.23
OR
mozillabugzillaMatch2.23.1
OR
mozillabugzillaMatch2.23.2
OR
mozillabugzillaMatch2.23.3
OR
mozillabugzillaMatch2.23.4
OR
mozillabugzillaMatch3.2
OR
mozillabugzillaMatch3.2rc1
OR
mozillabugzillaMatch3.2rc2
OR
mozillabugzillaMatch3.2.1
OR
mozillabugzillaMatch3.2.2
OR
mozillabugzillaMatch3.2.3
OR
mozillabugzillaMatch3.2.4
OR
mozillabugzillaMatch3.2.5
OR
mozillabugzillaMatch3.2.6
OR
mozillabugzillaMatch3.2.7
OR
mozillabugzillaMatch3.4.1
OR
mozillabugzillaMatch3.4.2
OR
mozillabugzillaMatch3.4.3
OR
mozillabugzillaMatch3.4.4
OR
mozillabugzillaMatch3.4.5
OR
mozillabugzillaMatch3.4.6
OR
mozillabugzillaMatch3.4.7
OR
mozillabugzillaMatch3.4.8
OR
mozillabugzillaMatch3.6.0
OR
mozillabugzillaMatch3.6.1
OR
mozillabugzillaMatch3.6.2
OR
mozillabugzillaMatch4.0

Related

ubuntucve 3
nvd 3
nessus 14
cvelist 3
prion 3
openvas 14
securityvulns 3
debiancve 2
fedora 3
cve 2
f5 1
gentoo 1
ubuntucve
ubuntucve
CVE-2010-3172
2010-11-05 00:00:00
CVE-2010-2761
2010-12-06 00:00:00
CVE-2010-4410
2010-12-06 00:00:00
nvd
nvd
CVE-2010-3172
2010-11-05 17:00:02
CVE-2010-2761
2010-12-06 20:12:58
CVE-2010-4410
2010-12-06 20:13:00
nessus
nessus
Bugzilla Response Splitting
2010-11-15 00:00:00
Bugzilla < 3.2.9 / 3.4.9 / 3.6.3 Multiple Vulnerabilities
2010-11-05 00:00:00
openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)
2011-05-05 00:00:00
cvelist
cvelist
CVE-2010-3172
2010-11-05 16:28:00
CVE-2010-2761
2010-12-06 20:00:00
CVE-2010-4410
2010-12-06 20:00:00
prion
prion
Crlf injection
2010-11-05 17:00:00
Hardcoded credentials
2010-12-06 20:12:00
Crlf injection
2010-12-06 20:13:00
openvas
openvas
Bugzilla Response Splitting and Security Bypass Vulnerabilities
2010-11-05 00:00:00
Fedora Update for bugzilla FEDORA-2010-17274
2010-12-02 00:00:00
Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)
2010-12-23 00:00:00
securityvulns
securityvulns
Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
2010-11-04 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-11-04 00:00:00
[ MDVSA-2010:250 ] perl-CGI-Simple
2010-12-12 00:00:00
debiancve
debiancve
CVE-2010-2761
2010-12-06 20:12:58
CVE-2010-4410
2010-12-06 20:13:00
fedora
fedora
[SECURITY] Fedora 14 Update: bugzilla-3.6.3-1.fc14
2010-11-14 21:29:45
[SECURITY] Fedora 13 Update: bugzilla-3.4.9-1.fc13
2010-11-14 21:28:33
[SECURITY] Fedora 12 Update: bugzilla-3.4.9-1.fc12
2010-11-14 21:31:53
cve
cve
CVE-2010-2761
2010-12-06 20:12:58
CVE-2010-4410
2010-12-06 20:13:00
f5
f5
K55423848 : CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410
2017-09-13 00:00:00
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2011-10-10 00:00:00

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON
Related for CVE-2010-3172
ubuntucve3nvd3nessus14cvelist3prion3openvas14securityvulns3debiancve2fedora3cve2f51gentoo1