Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
2010-11-04T00:00:00
ID SECURITYVULNS:DOC:25088 Type securityvulns Reporter Securityvulns Modified 2010-11-04T00:00:00
Description
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* There is a way to inject both headers and content to users, causing
  a serious Cross-Site Scripting vulnerability.

* It was possible to see graphs from Old Charts even if you did not
  have access to a particular product, and you could browse a
  particular URL to see all product names.

* YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x,
  contained a security vulnerability. The version of YUI shipped
  with Bugzilla 4.0rc1 and above has been updated to 2.8.2.

All affected installations are encouraged to upgrade as soon as
possible.

Vulnerability Details
=====================

Class:       HTTP Response Splitting
Versions:    Every Version Before 3.2.9, 3.4.9, 3.6.3, 4.0rc1
Fixed In:    3.2.9, 3.4.9, 3.6.3, 4.0rc1
Description: By inserting a certain string into a URL, it was possible
             to inject both headers and content to any browser that
             supported "Server Push" (mostly only Gecko-based browsers
             like Firefox). This could lead to Cross-Site Scripting
             vulnerabilities, and possibly other more dangerous
             security issues as well.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=600464
             http://cwe.mitre.org/data/definitions/113.html
CVE Number:  CVE-2010-3172

Class:       Information Leak
Versions:    2.12 to 3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1
Fixed In:    3.2.9, 3.4.9, 3.6.3, 4.0rc1
Description: The Old Charts system generated graphs with
             predictable names into the "graphs/" directory,
             which also could be browsed to see its contents.
             This allowed unauthorized users to see product names
             and charted information about those products over time.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=419014
CVE Number:  CVE-2010-3764

Class:       Cross-Site Scripting
Versions:    3.7.1 to 3.7.3, 4.1
Fixed In:    4.0rc1
Description: YUI 2.8.1 was vulnerable to a Cross-Site Scripting
             vulnerability in certain .swf files. The YUI shipped
             with Bugzilla has been updated to 2.8.2.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=606618
             http://secunia.com/advisories/41955
             http://yuilibrary.com/support/2.8.2/
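
A log check for the HTTP Response Splitting class described above (CWE-113), added here as an example and not taken from the advisory or from Bugzilla: it flags requests whose URL decodes to a CR or LF, including multiply percent-encoded forms. The Apache "combined" log format, the sample log lines, the `example.cgi` path and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request part of an Apache "combined" access-log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Decode more than once so that %250d (an encoded "%0d") is also caught.
MAX_DECODE_ROUNDS = 3


def decode_fully(target):
    """Percent-decode repeatedly until the value is stable or the limit is hit."""
    current = target
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def has_crlf(target):
    """True if the request target contains CR or LF after decoding."""
    decoded = decode_fully(target)
    return "\r" in decoded or "\n" in decoded


def scan_log(lines):
    """Return (line_number, client, target) for every request carrying CR/LF."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.match(line)
        if match is None:
            continue  # not a request line we can parse; skip it
        if has_crlf(match.group("target")):
            findings.append((number, match.group("client"), match.group("target")))
    return findings


# Constructed sample entries (documentation IP ranges, hypothetical example.cgi).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Nov/2010:10:00:01 +0000] "GET /bugzilla/show_bug.cgi?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Nov/2010:10:00:05 +0000] "GET /bugzilla/example.cgi?x=a%0d%0aX-Constructed:%20placeholder HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Nov/2010:10:00:09 +0000] "GET /bugzilla/example.cgi?x=a%250Ab HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.33 - - [04/Nov/2010:10:00:12 +0000] "GET /bugzilla/example.cgi?short_desc=100%25%20cpu HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for number, client, target in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {client} requested {target!r}")
```

A match marks a request for review; whether the response was actually affected depends on the Bugzilla version and the browser, as the entry above states.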

Vulnerability Solutions
=======================

The fixes for these issues are included in the 3.2.9, 3.4.9, 3.6.3, and
4.0rc1 releases. Upgrading to a release with the relevant fixes will
protect your installation from possible exploits of these issues.

If you are unable to upgrade but would like to patch just the
individual security vulnerabilities, there are patches available for
each issue at the bugzilla.mozilla.org "References" URL for each
vulnerability.

Full release downloads, patches to upgrade Bugzilla from previous
versions, and CVS/bzr upgrade instructions are available at:

  http://www.bugzilla.org/download/

Credits
=======

The Bugzilla team wish to thank the following people/organizations for
their assistance in locating, advising us of, and assisting us to fix
this issue:

Frederic Buclin
Byron Jones
Max Kanat-Alexander
Marc Schumann
Michael Coates
Philip Gillissen
Masahiro Yamada

General information about the Bugzilla bug-tracking system can be found
at:

  http://www.bugzilla.org/

Comments and follow-ups can be directed to the mozilla.support.bugzilla
newsgroup or the support-bugzilla mailing list.
http://www.bugzilla.org/support/ has directions for accessing these
forums.
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"bugzilla\", rpm:\"bugzilla~3.4.9~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:37", "description": "Check for the Version of bugzilla", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for bugzilla FEDORA-2010-17235", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3386", "CVE-2010-1204", "CVE-2009-3387", "CVE-2010-3172", "CVE-2010-3764", "CVE-2009-3989"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:862552", "href": "http://plugins.openvas.org/nasl.php?oid=862552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bugzilla FEDORA-2010-17235\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bugzilla on Fedora 12\";\ntag_insight = \"Bugzilla is a popular bug tracking system used by multiple open source projects\n It requires a database engine installed - either MySQL, PostgreSQL or Oracle.\n Without one of these database engines (local or remote), Bugzilla will not work\n - see the Release Notes for details.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html\");\n script_id(862552);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-17235\");\n script_cve_id(\"CVE-2010-3764\", \"CVE-2010-1204\", \"CVE-2009-3989\", \"CVE-2009-3387\", \"CVE-2009-3386\", \"CVE-2010-3172\");\n script_name(\"Fedora Update for bugzilla FEDORA-2010-17235\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bugzilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"bugzilla\", rpm:\"bugzilla~3.4.9~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-25T10:55:17", "description": "Check for the Version of bugzilla", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for bugzilla FEDORA-2010-17235", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3386", "CVE-2010-1204", "CVE-2009-3387", "CVE-2010-3172", "CVE-2010-3764", "CVE-2009-3989"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310862552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bugzilla FEDORA-2010-17235\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bugzilla on Fedora 12\";\ntag_insight = \"Bugzilla is a popular bug tracking system used by multiple open source projects\n It requires a database engine installed - either MySQL, PostgreSQL or Oracle.\n Without one of these database engines (local or remote), Bugzilla will not work\n - see the Release Notes for details.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862552\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-17235\");\n script_cve_id(\"CVE-2010-3764\", \"CVE-2010-1204\", \"CVE-2009-3989\", \"CVE-2009-3387\", \"CVE-2009-3386\", \"CVE-2010-3172\");\n script_name(\"Fedora Update for bugzilla FEDORA-2010-17235\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bugzilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" 
, value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"bugzilla\", rpm:\"bugzilla~3.4.9~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:47", "description": "Check for the Version of perl-CGI-Simple", "cvss3": {}, "published": "2010-12-23T00:00:00", "type": "openvas", "title": "Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:831281", "href": "http://plugins.openvas.org/nasl.php?oid=831281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in perl-CGI-Simple:\n\n The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm\n in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME\n boundary string in multipart/x-mixed-replace content, which allows\n remote attackers to inject arbitrary HTTP headers and conduct HTTP\n response splitting attacks via crafted input that contains this value,\n a different vulnerability than CVE-2010-3172 (CVE-2010-2761).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl-CGI-Simple on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00009.php\");\n script_id(831281);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-23 07:38:58 +0100 (Thu, 23 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2010:250\");\n script_cve_id(\"CVE-2010-3172\", \"CVE-2010-2761\");\n script_name(\"Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-CGI-Simple\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-CGI-Simple\", rpm:\"perl-CGI-Simple~1.1~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-26T11:06:00", "description": "Check for the Version of perl-CGI-Simple", "cvss3": {}, "published": "2010-12-23T00:00:00", "type": "openvas", "title": "Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310831281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in perl-CGI-Simple:\n\n The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm\n in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME\n boundary string in multipart/x-mixed-replace content, which allows\n remote attackers to inject arbitrary HTTP headers and conduct HTTP\n response splitting attacks via crafted input that contains this value,\n a different vulnerability than CVE-2010-3172 (CVE-2010-2761).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl-CGI-Simple on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831281\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-23 07:38:58 +0100 (Thu, 23 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: 
\"2010:250\");\n script_cve_id(\"CVE-2010-3172\", \"CVE-2010-2761\");\n script_name(\"Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-CGI-Simple\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-CGI-Simple\", rpm:\"perl-CGI-Simple~1.1~4.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-18T11:04:38", "description": "Check for the Version of perl-CGI-Simple", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4410", "CVE-2010-2761", "CVE-2010-3172"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310831286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831286", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for 
perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in perl-CGI-Simple:\n\n CRLF injection vulnerability in the header function in (1) CGI.pm\n before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows\n remote attackers to inject arbitrary HTTP headers and conduct HTTP\n response splitting attacks via vectors related to non-whitespace\n characters preceded by newline characters, a different vulnerability\n than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl-CGI-Simple on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831286\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 
(Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2010:252\");\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-4410\");\n script_name(\"Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-CGI-Simple\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-CGI-Simple\", rpm:\"perl-CGI-Simple~1.1~4.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-20T13:17:45", "description": "Check for the Version of perl-CGI-Simple", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4410", "CVE-2010-2761", "CVE-2010-3172"], 
"modified": "2017-12-19T00:00:00", "id": "OPENVAS:831286", "href": "http://plugins.openvas.org/nasl.php?oid=831286", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in perl-CGI-Simple:\n\n CRLF injection vulnerability in the header function in (1) CGI.pm\n before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows\n remote attackers to inject arbitrary HTTP headers and conduct HTTP\n response splitting attacks via vectors related to non-whitespace\n characters preceded by newline characters, a different vulnerability\n than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl-CGI-Simple on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n 
script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00012.php\");\n script_id(831286);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2010:252\");\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-4410\");\n script_name(\"Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-CGI-Simple\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-CGI-Simple\", rpm:\"perl-CGI-Simple~1.1~4.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:25", "description": "The remote host is missing updates announced 
in\nadvisory GLSA 201110-03.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-03 (bugzilla)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4572", "CVE-2011-2380", "CVE-2011-2979", "CVE-2010-4567", "CVE-2011-2379", "CVE-2011-0046", "CVE-2011-2977", "CVE-2010-2761", "CVE-2010-4568", "CVE-2011-2978", "CVE-2010-4411", "CVE-2011-2381", "CVE-2010-3172", "CVE-2011-0048", "CVE-2010-4570", "CVE-2010-4569", "CVE-2010-3764", "CVE-2011-2976"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70766", "href": "http://plugins.openvas.org/nasl.php?oid=70766", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Bugzilla, the worst of which\n leading to privilege escalation.\";\ntag_solution = \"All Bugzilla users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since August 27, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=352781\nhttp://bugs.gentoo.org/show_bug.cgi?id=380255\nhttp://bugs.gentoo.org/show_bug.cgi?id=386203\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-03.\";\n\n \n \nif(description)\n{\n script_id(70766);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-3764\", \"CVE-2010-4411\", \"CVE-2010-4567\", \"CVE-2010-4568\", \"CVE-2010-4569\", \"CVE-2010-4570\", \"CVE-2010-4572\", \"CVE-2011-0046\", \"CVE-2011-0048\", \"CVE-2011-2379\", \"CVE-2011-2380\", \"CVE-2011-2381\", \"CVE-2011-2976\", \"CVE-2011-2977\", \"CVE-2011-2978\", \"CVE-2011-2979\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-03 (bugzilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-apps/bugzilla\", unaffected: make_list(\"ge 3.6.6\"), vulnerable: make_list(\"lt 3.6.6\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:05", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-03.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-03 (bugzilla)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4572", "CVE-2011-2380", "CVE-2011-2979", "CVE-2010-4567", "CVE-2011-2379", "CVE-2011-0046", "CVE-2011-2977", "CVE-2010-2761", "CVE-2010-4568", "CVE-2011-2978", "CVE-2010-4411", "CVE-2011-2381", "CVE-2010-3172", "CVE-2011-0048", "CVE-2010-4570", "CVE-2010-4569", "CVE-2010-3764", "CVE-2011-2976"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231070766", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_03.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated 
from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70766\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-3764\", \"CVE-2010-4411\", \"CVE-2010-4567\", \"CVE-2010-4568\", \"CVE-2010-4569\", \"CVE-2010-4570\", \"CVE-2010-4572\", \"CVE-2011-0046\", \"CVE-2011-0048\", \"CVE-2011-2379\", \"CVE-2011-2380\", \"CVE-2011-2381\", \"CVE-2011-2976\", \"CVE-2011-2977\", \"CVE-2011-2978\", \"CVE-2011-2979\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-03 (bugzilla)\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Bugzilla, the worst of which\n leading to privilege escalation.\");\n script_tag(name:\"solution\", value:\"All Bugzilla users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since August 27, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-03\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=352781\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=380255\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386203\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-03.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-apps/bugzilla\", unaffected: make_list(\"ge 3.6.6\"), vulnerable: make_list(\"lt 3.6.6\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T18:50:24", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, 
"cvss3": {}, "published": "2010-11-04T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-3172", "CVE-2010-3764"], "modified": "2010-11-04T00:00:00", "id": "SECURITYVULNS:VULN:11229", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11229", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:38", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:250\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : perl-CGI-Simple\r\n Date : December 9, 2010\r\n Affected: Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was discovered and corrected in perl-CGI-Simple:\r\n \r\n The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm\r\n in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME\r\n boundary string in multipart/x-mixed-replace content, which allows\r\n remote attackers to inject arbitrary HTTP headers and conduct HTTP\r\n response splitting attacks via crafted input that contains this value,\r\n a different vulnerability than CVE-2010-3172 (CVE-2010-2761).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Corporate 4.0:\r\n b2e5ffba685cf732133e42fe1b82791d 
\r\ncorporate/4.0/i586/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm \r\n e37ee0869e2fd9f4e875354edca20c6f \r\ncorporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 5231722e821a5478827e17293dd0836b \r\ncorporate/4.0/x86_64/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm \r\n e37ee0869e2fd9f4e875354edca20c6f \r\ncorporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 04f4b7381ba21a1ba14845a06b680fb1 \r\nmes5/i586/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm \r\n 15d6dc30e4dbf78a7371c1715386f552 \r\nmes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n bf81ab1b1798bb141b74c6f8e6d59630 \r\nmes5/x86_64/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm \r\n 15d6dc30e4dbf78a7371c1715386f552 \r\nmes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFNAMpimqjQ0CJFipgRAsKPAJ9gy8D5blvchEFe/KRmwMEFYtjWZQCgzSmG\r\n3t2bZiJcPZFuhFYF28NTyJ0=\r\n=Xkba\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2010-12-12T00:00:00", "title": "[ MDVSA-2010:250 ] perl-CGI-Simple", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2010-12-12T00:00:00", "id": "SECURITYVULNS:DOC:25284", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25284", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-08-19T13:02:30", "description": "The remote web server is hosting Bugzilla, a web-based bug tracking application.\n\nVersions of Bugzilla 3.2.x earlier than 3.2.9, 3.4.x earlier than 3.4.9, and 3.6.x earlier than 3.6.3 are potentially affected by multiple vulnerabilities :\n\n - By inserting a certain string into a URL, it is possible to inject both headers and content to any browser that supports \"Server Push\". (CVE-2010-3172)\n\n - The Charts system generates graphs with predictable names into the 'graphs/' directory, which can also be browsed to see its contents. 
(CVE-2010-3764)\n\n - YUI 2.8.1 is vulnerable to a cross-site scripting vulnerability in certain .swf files.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2010-11-05T00:00:00", "type": "nessus", "title": "Bugzilla < 3.2.9 / 3.4.9 / 3.6.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3172", "CVE-2010-3764"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*"], "id": "5700.PRM", "href": "https://www.tenable.com/plugins/nnm/5700", "sourceData": "Binary data 5700.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-06T06:33:49", "description": "The following security issues have been discovered in Bugzilla :\n\n - There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability.\n\n - It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names.\n\n - YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.\n\nThese are tracked by CVE-2010-3764.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Fedora 13 : bugzilla-3.4.9-1.fc13 (2010-17280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4207", "CVE-2010-4208", "CVE-2010-4209"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bugzilla", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-17280.NASL", "href": "https://www.tenable.com/plugins/nessus/50596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17280.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50596);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3172\", \"CVE-2010-3764\", \"CVE-2010-4207\", \"CVE-2010-4208\", \"CVE-2010-4209\");\n script_xref(name:\"FEDORA\", value:\"2010-17280\");\n\n script_name(english:\"Fedora 13 : bugzilla-3.4.9-1.fc13 (2010-17280)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues have been discovered in Bugzilla :\n\n - There is a way to inject both headers and content to\n users, causing a serious Cross-Site Scripting\n vulnerability.\n\n - It was possible to see graphs from Old Charts even if\n you did not have access to a particular product, and you\n could browse a particular URL to see all product names.\n\n - YUI 2.8.1, which shipped with Bugzilla starting with\n 3.7.x, 
contained a security vulnerability. The version\n of YUI shipped with Bugzilla 4.0rc1 and above has been\n updated to 2.8.2.\n\nThese are tracked by CVE-2010-3764.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649404\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?664a5de2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bugzilla package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"bugzilla-3.4.9-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bugzilla\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-06T06:33:50", "description": "The following security issues have been discovered in Bugzilla :\n\n - There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability.\n\n - It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names.\n\n - YUI 2.8.1, which 
shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.\n\nThese are tracked by CVE-2010-3764.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Fedora 14 : bugzilla-3.6.3-1.fc14 (2010-17274)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4207", "CVE-2010-4208", "CVE-2010-4209"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bugzilla", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-17274.NASL", "href": "https://www.tenable.com/plugins/nessus/50595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17274.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50595);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3172\", \"CVE-2010-3764\", \"CVE-2010-4207\", \"CVE-2010-4208\", \"CVE-2010-4209\");\n script_xref(name:\"FEDORA\", value:\"2010-17274\");\n\n script_name(english:\"Fedora 14 : bugzilla-3.6.3-1.fc14 (2010-17274)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues have been discovered in Bugzilla :\n\n - There is a way to inject both headers 
and content to\n users, causing a serious Cross-Site Scripting\n vulnerability.\n\n - It was possible to see graphs from Old Charts even if\n you did not have access to a particular product, and you\n could browse a particular URL to see all product names.\n\n - YUI 2.8.1, which shipped with Bugzilla starting with\n 3.7.x, contained a security vulnerability. The version\n of YUI shipped with Bugzilla 4.0rc1 and above has been\n updated to 2.8.2.\n\nThese are tracked by CVE-2010-3764.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649404\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cbeaf3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bugzilla package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"bugzilla-3.6.3-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bugzilla\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-06T06:33:14", "description": "The following security issues have been discovered in Bugzilla :\n\n - There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability.\n\n - It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names.\n\n - YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. 
The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.\n\nThese are tracked by CVE-2010-3764.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Fedora 12 : bugzilla-3.4.9-1.fc12 (2010-17235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4207", "CVE-2010-4208", "CVE-2010-4209"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bugzilla", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-17235.NASL", "href": "https://www.tenable.com/plugins/nessus/50594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17235.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50594);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3172\", \"CVE-2010-3764\", \"CVE-2010-4207\", \"CVE-2010-4208\", \"CVE-2010-4209\");\n script_bugtraq_id(44618);\n script_xref(name:\"FEDORA\", value:\"2010-17235\");\n\n script_name(english:\"Fedora 12 : bugzilla-3.4.9-1.fc12 (2010-17235)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues have been discovered in Bugzilla :\n\n - There is a way to inject both headers and content to\n users, causing a serious Cross-Site 
Scripting\n vulnerability.\n\n - It was possible to see graphs from Old Charts even if\n you did not have access to a particular product, and you\n could browse a particular URL to see all product names.\n\n - YUI 2.8.1, which shipped with Bugzilla starting with\n 3.7.x, contained a security vulnerability. The version\n of YUI shipped with Bugzilla 4.0rc1 and above has been\n updated to 2.8.2.\n\nThese are tracked by CVE-2010-3764.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649404\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dcada43\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bugzilla package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"bugzilla-3.4.9-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bugzilla\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-12T15:24:39", "description": "The version of Bugzilla hosted on the remote web server allows injection of arbitrary HTTP headers and content when Server Push is enabled in a browser.\n\nNote that the install also likely creates restricted reports in a known location and with 
predictable names, which can lead to a loss of information, although Nessus has not checked for this.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Bugzilla Response Splitting", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3172"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mozilla:bugzilla"], "id": "BUGZILLA_RESPONSE_SPLITTING.NASL", "href": "https://www.tenable.com/plugins/nessus/50599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50599);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-3172\");\n script_bugtraq_id(44618);\n\n script_name(english:\"Bugzilla Response Splitting\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application is affected by a response splitting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Bugzilla hosted on the remote web server allows\ninjection of arbitrary HTTP headers and content when Server Push is\nenabled in a browser.\n\nNote that the install also likely creates restricted reports in a\nknown location and with predictable names, which can lead to a loss\nof information, although Nessus has not checked for this.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.bugzilla.org/security/3.2.8/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Bugzilla 3.2.9 / 3.4.9 / 3.6.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:bugzilla\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bugzilla_detect.nasl\");\n script_require_keys(\"installed_sw/Bugzilla\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var\thd, output, attack_req1, attack_req2;\n\nhd = make_array(\n\"Accept\", \"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\",\n\"Accept-Language\", \"en-us;q=0.5,en;q=0.3\",\n# The User-Agent is necessary to trigger the right behavior\n\"User-Agent\", \"Mozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10\",\n\"Accept-Charset\", \"ISO-8859-1,utf-8;q=0.7,*;q=0.7\");\n\nfunction extract_boundaries(port, u)\n{\n local_var\tw, loc, v, l, b, boundaries;\n\n w = http_send_recv3(method:\"GET\", item: u, port: port, add_headers: hd, exit_on_fail: 1);\n if (w[0] !~ \"^HTTP/[0-9.]+ +200 \") return NULL;\n\n # No need to set follow_redirect, we have to issue a GET after that.\n w = http_send_recv3(method:\"POST\", item: u, port: port, exit_on_fail: 1,\n content_type: \"application/x-www-form-urlencoded\", add_headers: hd,\n data: 
\"query_format=advanced&short_desc_type=allwordssubstr&short_desc=&longdesc_type=allwordssubstr&longdesc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bug_id_type=anyexact&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=\");\n\n attack_req1 = http_last_sent_request();\n if (w[0] =~ \"^HTTP/[0-9.]+ 30[12] \")\n {\n loc = egrep (string: w[1], pattern:\"^Location:\", icase: 1);\n if (!loc) return NULL;\n v = eregmatch(string: chomp(loc), pattern: \"^Location: *(https?://[^/]+(:[0-9]+)?)?(/.*)\");\n if (isnull(v)) return NULL;\n u = v[3];\n w = http_send_recv3(method:\"GET\", item: u, port: port, exit_on_fail: 1, add_headers: hd);\n attack_req2 = http_last_sent_request();\n }\n if (w[0] !~ \"^HTTP/[0-9.]+ +200 \") return NULL;\n\n boundaries = egrep(string: w[2], pattern: \"^--------- =\");\n if (!boundaries) return NULL;\n\n foreach b (split(boundaries, keep: 0))\n {\n v = eregmatch(string: b, pattern: \"^--------- *=([^-]+(-+)$)\");\n if (!isnull(v))\n {\n l = v[1];\n output = strstr(w[2], l);\n break;\n }\n }\n if (empty_or_null(l)) return NULL;\n return l;\n}\n\napp = 'Bugzilla';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default: 80, embedded: 0);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_loc = build_url(port:port, qs:dir);\n\nu = dir + \"/buglist.cgi?query_format=advanced\";\nb = extract_boundaries(port: port, u: u);\nif (isnull(b)) exit(0, \"Output is not multipart.\");\n\nif (b =~ '_aaaaaaaaaa0(--)?')\t# Default boundary\n{\n b2 = extract_boundaries(port: port, u: u);\n if (isnull(b2)) exit(1, \"Output is not multipart.\");\n\n if 
(b == b2)\t# Constant boundary\n {\n security_report_v4(\n port : port,\n severity : SECURITY_WARNING,\n generic : TRUE,\n line_limit : 5,\n request : make_list(attack_req1, attack_req2),\n output : output\n );\n exit(0);\n }\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_loc);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:49:50", "description": "A HTTP header injection attack was fixed in perl-CGI-Simple.\nCVE-2010-2761 has been assigned to this issue.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl-CGI-Simple", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_PERL-CGI-SIMPLE-110107.NASL", "href": "https://www.tenable.com/plugins/nessus/75708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update perl-CGI-Simple-3785.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75708);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\");\n\n script_name(english:\"openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)\");\n script_summary(english:\"Check for the perl-CGI-Simple-3785 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A HTTP header injection attack was fixed in perl-CGI-Simple.\nCVE-2010-2761 has been 
assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-CGI-Simple package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-CGI-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"perl-CGI-Simple-1.112-7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-CGI-Simple\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:01:01", "description": "A HTTP header injection attack was fixed in perl-CGI-Simple.\nCVE-2010-2761 has been assigned to this issue.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl-CGI-Simple", "cpe:/o:novell:opensuse:11.2"], "id": 
"SUSE_11_2_PERL-CGI-SIMPLE-110107.NASL", "href": "https://www.tenable.com/plugins/nessus/53790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update perl-CGI-Simple-3785.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53790);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\");\n\n script_name(english:\"openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)\");\n script_summary(english:\"Check for the perl-CGI-Simple-3785 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A HTTP header injection attack was fixed in perl-CGI-Simple.\nCVE-2010-2761 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-CGI-Simple package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-CGI-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"perl-CGI-Simple-1.112-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-CGI-Simple\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-27T15:30:43", "description": "A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla (these two security bugs where first discovered as affecting Bugzilla, then identified as being bugs in CGI.pm itself).\n\nThe multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hard-coded 
value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172 (CVE-2010-2761).\n\nCRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nThe updated packages have been upgraded to perl-CGI 3.50 to solve these security issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-16T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : perl-CGI (MDVSA-2010:237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:perl-CGI", "p-cpe:/a:mandriva:linux:perl-CGI-Fast", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-237.NASL", "href": "https://www.tenable.com/plugins/nessus/50609", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:237. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50609);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-4410\");\n script_xref(name:\"MDVSA\", value:\"2010:237\");\n\n script_name(english:\"Mandriva Linux Security Advisory : perl-CGI (MDVSA-2010:237)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new version of the CGI Perl module has been released to CPAN, which\nfixes several security bugs which directly affect Bugzilla (these two\nsecurity bugs where first discovered as affecting Bugzilla, then\nidentified as being bugs in CGI.pm itself).\n\nThe multipart_init function in (1) CGI.pm before 3.50 and (2)\nSimple.pm in CGI::Simple 1.112 and earlier uses a hard-coded value of\nthe MIME boundary string in multipart/x-mixed-replace content, which\nallows remote attackers to inject arbitrary HTTP headers and conduct\nHTTP response splitting attacks via crafted input that contains this\nvalue, a different vulnerability than CVE-2010-3172 (CVE-2010-2761).\n\nCRLF injection vulnerability in the header function in (1) CGI.pm\nbefore 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows\nremote attackers to inject arbitrary HTTP headers and conduct HTTP\nresponse splitting attacks via vectors related to non-whitespace\ncharacters preceded by newline characters, a different vulnerability\nthan CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been upgraded to perl-CGI 3.50 to solve\nthese security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.bugzilla.org/security/3.2.8/\"\n );\n # https://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c8612f7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-CGI and / or perl-CGI-Fast packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-CGI-Fast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-CGI-3.50-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-CGI-Fast-3.50-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"perl-CGI-3.500.0-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"perl-CGI-Fast-3.500.0-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"perl-CGI-3.500.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"perl-CGI-Fast-3.500.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:01:51", "description": "Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses.\n\n - have been assigned to this issue. 
(CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411)", "cvss3": {"score": null, "vector": null}, "published": "2011-01-21T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Perl (ZYPP Patch Number 7316)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410", "CVE-2010-4411"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PERL-7316.NASL", "href": "https://www.tenable.com/plugins/nessus/51641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51641);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-4410\", \"CVE-2010-4411\");\n\n script_name(english:\"SuSE 10 Security Update : Perl (ZYPP Patch Number 7316)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple header injection problems in the CGI module of perl have been\nfixed. They allowed to inject HTTP headers in responses.\n\n - have been assigned to this issue. 
(CVE-2010-2761 /\n CVE-2010-4410 / CVE-2010-4411)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2761.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4411.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7316.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"perl-5.8.8-14.17.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"perl-32bit-5.8.8-14.17.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"perl-5.8.8-14.17.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"perl-32bit-5.8.8-14.17.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:01:05", "description": "Multiple header injection problems in the CGI module of perl have been fixed. 
They allowed to inject HTTP headers in responses.\nCVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410", "CVE-2010-4411"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl", "p-cpe:/a:novell:opensuse:perl-32bit", "p-cpe:/a:novell:opensuse:perl-base", "p-cpe:/a:novell:opensuse:perl-base-32bit", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_PERL-110112.NASL", "href": "https://www.tenable.com/plugins/nessus/53789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update perl-3806.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53789);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-4410\", \"CVE-2010-4411\");\n\n script_name(english:\"openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)\");\n script_summary(english:\"Check for the perl-3806 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple header injection problems in the CGI module of perl have been\nfixed. 
They allowed to inject HTTP headers in responses.\nCVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00027.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"perl-5.10.0-72.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"perl-base-5.10.0-72.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-72.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.10.0-72.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:42", "description": "Multiple header injection problems in the CGI module of perl have been fixed. 
They allowed to inject HTTP headers in responses.\nCVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410", "CVE-2010-4411"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl", "p-cpe:/a:novell:opensuse:perl-32bit", "p-cpe:/a:novell:opensuse:perl-base", "p-cpe:/a:novell:opensuse:perl-base-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_PERL-110112.NASL", "href": "https://www.tenable.com/plugins/nessus/75705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update perl-3806.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75705);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-4410\", \"CVE-2010-4411\");\n\n script_name(english:\"openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)\");\n script_summary(english:\"Check for the perl-3806 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple header injection problems in the CGI module of perl have been\nfixed. 
They allowed to inject HTTP headers in responses.\nCVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00027.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"perl-5.12.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"perl-base-5.12.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"perl-32bit-5.12.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.12.1-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:02:00", "description": "Multiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. 
CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411 have been assigned to this issue.", "cvss3": {"score": null, "vector": null}, "published": "2011-01-21T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : perl (SAT Patch Number 3804)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410", "CVE-2010-4411"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:perl", "p-cpe:/a:novell:suse_linux:11:perl-32bit", "p-cpe:/a:novell:suse_linux:11:perl-base", "p-cpe:/a:novell:suse_linux:11:perl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PERL-110112.NASL", "href": "https://www.tenable.com/plugins/nessus/51630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51630);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-4410\", \"CVE-2010-4411\");\n\n script_name(english:\"SuSE 11.1 Security Update : perl (SAT Patch Number 3804)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple header injection problems in the CGI module of perl have been\nfixed. They allowed to inject HTTP headers in responses. 
CVE-2010-2761\n/ CVE-2010-4410 / CVE-2010-4411 have been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2761.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4411.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3804.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"perl-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"perl-base-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"perl-doc-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-base-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-doc-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"perl-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"perl-base-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"perl-doc-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"perl-32bit-5.10.0-64.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-64.53.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:59:52", "description": "The remote host is affected by the vulnerability described in GLSA-201110-03 (Bugzilla: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers.\n A local attacker could disclose the contents of temporarfy files for uploaded attachments.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-11T00:00:00", "type": "nessus", "title": "GLSA-201110-03 : Bugzilla: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4569", "CVE-2010-4570", "CVE-2010-4572", "CVE-2011-0046", "CVE-2011-0048", "CVE-2011-2379", "CVE-2011-2380", "CVE-2011-2381", "CVE-2011-2976", "CVE-2011-2977", "CVE-2011-2978", "CVE-2011-2979"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:bugzilla", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-03.NASL", "href": "https://www.tenable.com/plugins/nessus/56445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and 
licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56445);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2761\", \"CVE-2010-3172\", \"CVE-2010-3764\", \"CVE-2010-4411\", \"CVE-2010-4567\", \"CVE-2010-4568\", \"CVE-2010-4569\", \"CVE-2010-4570\", \"CVE-2010-4572\", \"CVE-2011-0046\", \"CVE-2011-0048\", \"CVE-2011-2379\", \"CVE-2011-2380\", \"CVE-2011-2381\", \"CVE-2011-2976\", \"CVE-2011-2977\", \"CVE-2011-2978\", \"CVE-2011-2979\");\n script_bugtraq_id(44618, 45145, 45982, 49042);\n script_xref(name:\"GLSA\", value:\"201110-03\");\n\n script_name(english:\"GLSA-201110-03 : Bugzilla: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-03\n(Bugzilla: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Bugzilla. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct cross-site scripting attacks, conduct\n script insertion and spoofing attacks, hijack the authentication of\n arbitrary users, inject arbitrary HTTP headers, obtain access to\n arbitrary accounts, disclose the existence of confidential groups and its\n names, or inject arbitrary e-mail headers.\n A local attacker could disclose the contents of temporarfy files for\n uploaded attachments.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Bugzilla users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since August 27, 2011. It is likely that your system is already\n no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local 
Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/bugzilla\", unaffected:make_list(\"ge 3.6.6\"), vulnerable:make_list(\"lt 3.6.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Bugzilla\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:57:54", "description": "CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9,\n3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in\na web browser, allows remote attackers to inject arbitrary HTTP headers and\ncontent, and conduct HTTP response splitting attacks, via a crafted URL.", "cvss3": {}, "published": "2010-11-05T00:00:00", "type": "ubuntucve", "title": "CVE-2010-3172", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2010-3172"], "modified": "2010-11-05T00:00:00", "id": "UB:CVE-2010-3172", "href": "https://ubuntu.com/security/CVE-2010-3172", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:57:53", "description": "The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2,\n3.7.3, and 4.1 creates graph files with predictable names in graphs/, which\nallows remote attackers to obtain sensitive information via a modified URL.", "cvss3": {}, "published": "2010-11-05T00:00:00", "type": "ubuntucve", "title": "CVE-2010-3764", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3764"], "modified": "2010-11-05T00:00:00", "id": "UB:CVE-2010-3764", "href": "https://ubuntu.com/security/CVE-2010-3764", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:25:59", "description": "CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.", "cvss3": {}, "published": "2010-11-05T17:00:00", "type": "cve", "title": "CVE-2010-3172", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3172"], "modified": "2010-12-16T05:00:00", "cpe": ["cpe:/a:mozilla:bugzilla:3.2.3", "cpe:/a:mozilla:bugzilla:3.6.2", "cpe:/a:mozilla:bugzilla:2.19.1", "cpe:/a:mozilla:bugzilla:2.16", "cpe:/a:mozilla:bugzilla:3.4.3", "cpe:/a:mozilla:bugzilla:2.17.2", "cpe:/a:mozilla:bugzilla:2.16.7", "cpe:/a:mozilla:bugzilla:3.4.4", "cpe:/a:mozilla:bugzilla:2.16.4", "cpe:/a:mozilla:bugzilla:2.18.7", "cpe:/a:mozilla:bugzilla:2.22.3", "cpe:/a:mozilla:bugzilla:2.14", "cpe:/a:mozilla:bugzilla:2.18.4", "cpe:/a:mozilla:bugzilla:2.14.2", "cpe:/a:mozilla:bugzilla:2.17.1", "cpe:/a:mozilla:bugzilla:3.2.2", "cpe:/a:mozilla:bugzilla:3.2.6", "cpe:/a:mozilla:bugzilla:2.9", "cpe:/a:mozilla:bugzilla:2.16.2", "cpe:/a:mozilla:bugzilla:2.17", "cpe:/a:mozilla:bugzilla:2.22.4", "cpe:/a:mozilla:bugzilla:2.18.5", "cpe:/a:mozilla:bugzilla:2.16.11", "cpe:/a:mozilla:bugzilla:2.19", "cpe:/a:mozilla:bugzilla:2.14.5", "cpe:/a:mozilla:bugzilla:2.16_rc2", "cpe:/a:mozilla:bugzilla:2.16.10", "cpe:/a:mozilla:bugzilla:2.8", "cpe:/a:mozilla:bugzilla:2.22.1", "cpe:/a:mozilla:bugzilla:2.20.5", "cpe:/a:mozilla:bugzilla:2.14.4", "cpe:/a:mozilla:bugzilla:2.21.1", "cpe:/a:mozilla:bugzilla:2.20.1", "cpe:/a:mozilla:bugzilla:2.22.6", "cpe:/a:mozilla:bugzilla:2.18", "cpe:/a:mozilla:bugzilla:2.22.7", "cpe:/a:mozilla:bugzilla:2.18.2", "cpe:/a:mozilla:bugzilla:2.16.9", "cpe:/a:mozilla:bugzilla:2.4", "cpe:/a:mozilla:bugzilla:2.23.2", "cpe:/a:mozilla:bugzilla:2.14.3", "cpe:/a:mozilla:bugzilla:2.18.1", "cpe:/a:mozilla:bugzilla:3.4.8", "cpe:/a:mozilla:bugzilla:2.22.5", "cpe:/a:mozilla:bugzilla:2.20.4", "cpe:/a:mozilla:bugzilla:2.23.1", "cpe:/a:mozilla:bugzilla:2.17.3", "cpe:/a:mozilla:bugzilla:2.16.6", "cpe:/a:mozilla:bugzilla:3.2.7", 
"cpe:/a:mozilla:bugzilla:2.16.8", "cpe:/a:mozilla:bugzilla:2.16.5", "cpe:/a:mozilla:bugzilla:2.22", "cpe:/a:mozilla:bugzilla:3.6.0", "cpe:/a:mozilla:bugzilla:2.14.1", "cpe:/a:mozilla:bugzilla:2.20.7", "cpe:/a:mozilla:bugzilla:2.23", "cpe:/a:mozilla:bugzilla:2.17.6", "cpe:/a:mozilla:bugzilla:2.20.3", "cpe:/a:mozilla:bugzilla:2.17.5", "cpe:/a:mozilla:bugzilla:2.18.9", "cpe:/a:mozilla:bugzilla:3.4.6", "cpe:/a:mozilla:bugzilla:2.17.7", "cpe:/a:mozilla:bugzilla:2.22.2", "cpe:/a:mozilla:bugzilla:3.6.1", "cpe:/a:mozilla:bugzilla:2.21", "cpe:/a:mozilla:bugzilla:4.0", "cpe:/a:mozilla:bugzilla:2.20.2", "cpe:/a:mozilla:bugzilla:3.2.5", "cpe:/a:mozilla:bugzilla:2.20", "cpe:/a:mozilla:bugzilla:2.20.6", "cpe:/a:mozilla:bugzilla:3.4.5", "cpe:/a:mozilla:bugzilla:3.2.4", "cpe:/a:mozilla:bugzilla:2.12", "cpe:/a:mozilla:bugzilla:2.17.4", "cpe:/a:mozilla:bugzilla:2.19.2", "cpe:/a:mozilla:bugzilla:3.2.8", "cpe:/a:mozilla:bugzilla:2.6", "cpe:/a:mozilla:bugzilla:2.16.3", "cpe:/a:mozilla:bugzilla:2.16.1", "cpe:/a:mozilla:bugzilla:2.23.3", "cpe:/a:mozilla:bugzilla:2.21.2", "cpe:/a:mozilla:bugzilla:2.0", "cpe:/a:mozilla:bugzilla:2.19.3", "cpe:/a:mozilla:bugzilla:2.18.6\\+", "cpe:/a:mozilla:bugzilla:2.2", "cpe:/a:mozilla:bugzilla:3.4.2", "cpe:/a:mozilla:bugzilla:3.2", "cpe:/a:mozilla:bugzilla:2.18.6", "cpe:/a:mozilla:bugzilla:2.10", "cpe:/a:mozilla:bugzilla:3.4.1", "cpe:/a:mozilla:bugzilla:3.2.1", "cpe:/a:mozilla:bugzilla:2.18.8", "cpe:/a:mozilla:bugzilla:2.23.4", "cpe:/a:mozilla:bugzilla:2.18.3", "cpe:/a:mozilla:bugzilla:3.4.7"], "id": "CVE-2010-3172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3172", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:bugzilla:3.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.6\\+:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:bugzilla:2.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:35:59", "description": "The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.", "cvss3": {}, "published": "2010-11-05T17:00:00", "type": "cve", "title": "CVE-2010-3764", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2010-3764"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:mozilla:bugzilla:3.2.3", "cpe:/a:mozilla:bugzilla:3.6.2", "cpe:/a:mozilla:bugzilla:2.19.1", "cpe:/a:mozilla:bugzilla:2.16", "cpe:/a:mozilla:bugzilla:2.17.2", "cpe:/a:mozilla:bugzilla:2.16.7", "cpe:/a:mozilla:bugzilla:2.16.4", "cpe:/a:mozilla:bugzilla:2.18.7", "cpe:/a:mozilla:bugzilla:2.22.3", "cpe:/a:mozilla:bugzilla:2.14", "cpe:/a:mozilla:bugzilla:2.18.4", "cpe:/a:mozilla:bugzilla:2.14.2", "cpe:/a:mozilla:bugzilla:2.17.1", "cpe:/a:mozilla:bugzilla:3.2.2", "cpe:/a:mozilla:bugzilla:3.2.6", "cpe:/a:mozilla:bugzilla:2.9", "cpe:/a:mozilla:bugzilla:2.16.2", "cpe:/a:mozilla:bugzilla:2.17", "cpe:/a:mozilla:bugzilla:2.22.4", "cpe:/a:mozilla:bugzilla:2.18.5", "cpe:/a:mozilla:bugzilla:2.16.11", "cpe:/a:mozilla:bugzilla:2.19", "cpe:/a:mozilla:bugzilla:2.14.5", "cpe:/a:mozilla:bugzilla:2.16_rc2", "cpe:/a:mozilla:bugzilla:2.16.10", "cpe:/a:mozilla:bugzilla:2.8", "cpe:/a:mozilla:bugzilla:2.22.1", "cpe:/a:mozilla:bugzilla:2.20.5", "cpe:/a:mozilla:bugzilla:2.14.4", "cpe:/a:mozilla:bugzilla:2.21.1", "cpe:/a:mozilla:bugzilla:2.20.1", "cpe:/a:mozilla:bugzilla:2.22.7", "cpe:/a:mozilla:bugzilla:2.18", "cpe:/a:mozilla:bugzilla:2.22.6", "cpe:/a:mozilla:bugzilla:2.18.2", "cpe:/a:mozilla:bugzilla:2.16.9", "cpe:/a:mozilla:bugzilla:2.4", "cpe:/a:mozilla:bugzilla:2.23.2", "cpe:/a:mozilla:bugzilla:2.14.3", "cpe:/a:mozilla:bugzilla:2.18.1", "cpe:/a:mozilla:bugzilla:2.22.5", "cpe:/a:mozilla:bugzilla:3.4.8", "cpe:/a:mozilla:bugzilla:2.20.4", "cpe:/a:mozilla:bugzilla:2.23.1", "cpe:/a:mozilla:bugzilla:2.17.3", "cpe:/a:mozilla:bugzilla:2.16.6", "cpe:/a:mozilla:bugzilla:3.2.7", "cpe:/a:mozilla:bugzilla:2.16.8", "cpe:/a:mozilla:bugzilla:2.16.5", "cpe:/a:mozilla:bugzilla:2.22", "cpe:/a:mozilla:bugzilla:2.14.1", "cpe:/a:mozilla:bugzilla:2.23", "cpe:/a:mozilla:bugzilla:2.20.7", "cpe:/a:mozilla:bugzilla:2.17.6", "cpe:/a:mozilla:bugzilla:2.20.3", "cpe:/a:mozilla:bugzilla:2.17.5", "cpe:/a:mozilla:bugzilla:2.18.9", 
"cpe:/a:mozilla:bugzilla:2.17.7", "cpe:/a:mozilla:bugzilla:2.22.2", "cpe:/a:mozilla:bugzilla:2.21", "cpe:/a:mozilla:bugzilla:3.7.3", "cpe:/a:mozilla:bugzilla:2.20.2", "cpe:/a:mozilla:bugzilla:3.2.5", "cpe:/a:mozilla:bugzilla:2.20", "cpe:/a:mozilla:bugzilla:2.20.6", "cpe:/a:mozilla:bugzilla:3.2.4", "cpe:/a:mozilla:bugzilla:2.12", "cpe:/a:mozilla:bugzilla:2.17.4", "cpe:/a:mozilla:bugzilla:3.2.8", "cpe:/a:mozilla:bugzilla:2.19.2", "cpe:/a:mozilla:bugzilla:2.6", "cpe:/a:mozilla:bugzilla:2.16.3", "cpe:/a:mozilla:bugzilla:2.16.1", "cpe:/a:mozilla:bugzilla:2.23.3", "cpe:/a:mozilla:bugzilla:2.21.2", "cpe:/a:mozilla:bugzilla:2.19.3", "cpe:/a:mozilla:bugzilla:2.18.6\\+", "cpe:/a:mozilla:bugzilla:2.2", "cpe:/a:mozilla:bugzilla:4.1", "cpe:/a:mozilla:bugzilla:2.18.6", "cpe:/a:mozilla:bugzilla:3.2.1", "cpe:/a:mozilla:bugzilla:2.18.8", "cpe:/a:mozilla:bugzilla:2.23.4", "cpe:/a:mozilla:bugzilla:2.18.3"], "id": "CVE-2010-3764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3764", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:bugzilla:2.20.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:bugzilla:2.18.6\\+:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:18:36", "description": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in 
multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.", "cvss3": {}, "published": "2010-12-06T20:12:00", "type": "cve", "title": "CVE-2010-2761", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2016-12-08T03:01:00", "cpe": ["cpe:/a:andy_armstrong:cgi.pm:2.64", "cpe:/a:andy_armstrong:cgi.pm:2.47", "cpe:/a:andy_armstrong:cgi.pm:3.06", "cpe:/a:andy_armstrong:cgi.pm:2.49", "cpe:/a:andy_armstrong:cgi-simple:0.079", "cpe:/a:andy_armstrong:cgi-simple:0.080", "cpe:/a:andy_armstrong:cgi.pm:2.28", "cpe:/a:andy_armstrong:cgi.pm:3.35", "cpe:/a:andy_armstrong:cgi-simple:1.109", "cpe:/a:andy_armstrong:cgi.pm:3.41", "cpe:/a:andy_armstrong:cgi.pm:3.14", "cpe:/a:andy_armstrong:cgi.pm:2.48", "cpe:/a:andy_armstrong:cgi.pm:2.93", "cpe:/a:andy_armstrong:cgi.pm:2.78", "cpe:/a:andy_armstrong:cgi.pm:2.71", "cpe:/a:andy_armstrong:cgi.pm:2.67", "cpe:/a:andy_armstrong:cgi.pm:2.81", "cpe:/a:andy_armstrong:cgi.pm:1.55", "cpe:/a:andy_armstrong:cgi.pm:3.34", "cpe:/a:andy_armstrong:cgi.pm:2.29", "cpe:/a:andy_armstrong:cgi-simple:1.108", "cpe:/a:andy_armstrong:cgi.pm:3.25", "cpe:/a:andy_armstrong:cgi.pm:2.65", "cpe:/a:andy_armstrong:cgi.pm:3.44", "cpe:/a:andy_armstrong:cgi.pm:1.51", "cpe:/a:andy_armstrong:cgi.pm:2.60", "cpe:/a:andy_armstrong:cgi.pm:3.10", "cpe:/a:andy_armstrong:cgi.pm:1.52", 
"cpe:/a:andy_armstrong:cgi.pm:2.0", "cpe:/a:andy_armstrong:cgi.pm:3.39", "cpe:/a:andy_armstrong:cgi.pm:2.13", "cpe:/a:andy_armstrong:cgi.pm:3.02", "cpe:/a:andy_armstrong:cgi.pm:1.56", "cpe:/a:andy_armstrong:cgi.pm:1.44", "cpe:/a:andy_armstrong:cgi.pm:2.77", "cpe:/a:andy_armstrong:cgi.pm:3.13", "cpe:/a:andy_armstrong:cgi.pm:2.32", "cpe:/a:andy_armstrong:cgi.pm:2.34", "cpe:/a:andy_armstrong:cgi.pm:2.25", "cpe:/a:andy_armstrong:cgi.pm:2.94", "cpe:/a:andy_armstrong:cgi.pm:1.43", "cpe:/a:andy_armstrong:cgi.pm:3.12", "cpe:/a:andy_armstrong:cgi.pm:2.44", "cpe:/a:andy_armstrong:cgi.pm:2.14", "cpe:/a:andy_armstrong:cgi.pm:2.30", "cpe:/a:andy_armstrong:cgi-simple:1.1.1", "cpe:/a:andy_armstrong:cgi-simple:1.107", "cpe:/a:andy_armstrong:cgi.pm:3.31", "cpe:/a:andy_armstrong:cgi.pm:2.27", "cpe:/a:andy_armstrong:cgi.pm:3.23", "cpe:/a:andy_armstrong:cgi.pm:2.41", "cpe:/a:andy_armstrong:cgi.pm:2.76", "cpe:/a:andy_armstrong:cgi.pm:1.53", "cpe:/a:andy_armstrong:cgi.pm:2.83", "cpe:/a:andy_armstrong:cgi.pm:2.43", "cpe:/a:andy_armstrong:cgi.pm:3.03", "cpe:/a:andy_armstrong:cgi.pm:2.21", "cpe:/a:andy_armstrong:cgi.pm:2.87", "cpe:/a:andy_armstrong:cgi.pm:2.42", "cpe:/a:andy_armstrong:cgi.pm:3.46", "cpe:/a:andy_armstrong:cgi.pm:2.40", "cpe:/a:andy_armstrong:cgi-simple:0.082", "cpe:/a:andy_armstrong:cgi.pm:2.15", "cpe:/a:andy_armstrong:cgi.pm:3.37", "cpe:/a:andy_armstrong:cgi.pm:3.47", "cpe:/a:andy_armstrong:cgi.pm:2.99", "cpe:/a:andy_armstrong:cgi.pm:2.92", "cpe:/a:andy_armstrong:cgi-simple:1.112", "cpe:/a:andy_armstrong:cgi.pm:2.51", "cpe:/a:andy_armstrong:cgi.pm:2.46", "cpe:/a:andy_armstrong:cgi.pm:3.00", "cpe:/a:andy_armstrong:cgi.pm:3.22", "cpe:/a:andy_armstrong:cgi.pm:2.38", "cpe:/a:andy_armstrong:cgi.pm:2.75", "cpe:/a:andy_armstrong:cgi.pm:3.43", "cpe:/a:andy_armstrong:cgi.pm:2.45", "cpe:/a:andy_armstrong:cgi.pm:2.53", "cpe:/a:andy_armstrong:cgi.pm:2.69", "cpe:/a:andy_armstrong:cgi.pm:2.23", "cpe:/a:andy_armstrong:cgi.pm:1.4", "cpe:/a:andy_armstrong:cgi.pm:2.20", 
"cpe:/a:andy_armstrong:cgi-simple:1.0", "cpe:/a:andy_armstrong:cgi.pm:2.96", "cpe:/a:andy_armstrong:cgi-simple:0.078", "cpe:/a:andy_armstrong:cgi-simple:1.111", "cpe:/a:andy_armstrong:cgi.pm:2.31", "cpe:/a:andy_armstrong:cgi-simple:1.1.2", "cpe:/a:andy_armstrong:cgi.pm:3.07", "cpe:/a:andy_armstrong:cgi.pm:3.40", "cpe:/a:andy_armstrong:cgi.pm:2.97", "cpe:/a:andy_armstrong:cgi.pm:2.63", "cpe:/a:andy_armstrong:cgi.pm:3.20", "cpe:/a:andy_armstrong:cgi.pm:2.84", "cpe:/a:andy_armstrong:cgi.pm:1.54", "cpe:/a:andy_armstrong:cgi.pm:2.39", "cpe:/a:andy_armstrong:cgi-simple:1.106", "cpe:/a:andy_armstrong:cgi.pm:3.04", "cpe:/a:andy_armstrong:cgi.pm:2.56", "cpe:/a:andy_armstrong:cgi-simple:1.1", "cpe:/a:andy_armstrong:cgi.pm:3.30", "cpe:/a:andy_armstrong:cgi.pm:3.09", "cpe:/a:andy_armstrong:cgi.pm:3.49", "cpe:/a:andy_armstrong:cgi.pm:2.59", "cpe:/a:andy_armstrong:cgi.pm:3.32", "cpe:/a:andy_armstrong:cgi.pm:2.17", "cpe:/a:andy_armstrong:cgi.pm:2.24", "cpe:/a:andy_armstrong:cgi.pm:2.751", "cpe:/a:andy_armstrong:cgi.pm:2.36", "cpe:/a:andy_armstrong:cgi.pm:2.79", "cpe:/a:andy_armstrong:cgi.pm:3.18", "cpe:/a:andy_armstrong:cgi.pm:2.80", "cpe:/a:andy_armstrong:cgi.pm:2.86", "cpe:/a:andy_armstrong:cgi.pm:2.70", "cpe:/a:andy_armstrong:cgi.pm:2.62", "cpe:/a:andy_armstrong:cgi.pm:3.17", "cpe:/a:andy_armstrong:cgi.pm:3.16", "cpe:/a:andy_armstrong:cgi.pm:2.90", "cpe:/a:andy_armstrong:cgi.pm:3.48", "cpe:/a:andy_armstrong:cgi.pm:2.58", "cpe:/a:andy_armstrong:cgi.pm:3.21", "cpe:/a:andy_armstrong:cgi.pm:3.26", "cpe:/a:andy_armstrong:cgi.pm:3.05", "cpe:/a:andy_armstrong:cgi-simple:1.110", "cpe:/a:andy_armstrong:cgi.pm:2.37", "cpe:/a:andy_armstrong:cgi.pm:2.16", "cpe:/a:andy_armstrong:cgi.pm:2.54", "cpe:/a:andy_armstrong:cgi.pm:3.36", "cpe:/a:andy_armstrong:cgi.pm:3.27", "cpe:/a:andy_armstrong:cgi.pm:2.98", "cpe:/a:andy_armstrong:cgi.pm:2.66", "cpe:/a:andy_armstrong:cgi.pm:3.33", "cpe:/a:andy_armstrong:cgi.pm:3.38", "cpe:/a:andy_armstrong:cgi-simple:0.83", "cpe:/a:andy_armstrong:cgi.pm:2.19", 
"cpe:/a:andy_armstrong:cgi.pm:3.28", "cpe:/a:andy_armstrong:cgi-simple:0.081", "cpe:/a:andy_armstrong:cgi.pm:3.08", "cpe:/a:andy_armstrong:cgi.pm:2.73", "cpe:/a:andy_armstrong:cgi.pm:2.26", "cpe:/a:andy_armstrong:cgi-simple:1.105", "cpe:/a:andy_armstrong:cgi.pm:2.752", "cpe:/a:andy_armstrong:cgi.pm:3.11", "cpe:/a:andy_armstrong:cgi.pm:2.52", "cpe:/a:andy_armstrong:cgi.pm:1.50", "cpe:/a:andy_armstrong:cgi.pm:2.55", "cpe:/a:andy_armstrong:cgi.pm:2.72", "cpe:/a:andy_armstrong:cgi.pm:2.91", "cpe:/a:andy_armstrong:cgi-simple:1.104", "cpe:/a:andy_armstrong:cgi.pm:2.18", "cpe:/a:andy_armstrong:cgi.pm:3.24", "cpe:/a:andy_armstrong:cgi.pm:3.19", "cpe:/a:andy_armstrong:cgi.pm:2.85", "cpe:/a:andy_armstrong:cgi.pm:2.61", "cpe:/a:andy_armstrong:cgi.pm:2.89", "cpe:/a:andy_armstrong:cgi.pm:2.35", "cpe:/a:andy_armstrong:cgi.pm:3.15", "cpe:/a:andy_armstrong:cgi.pm:3.42", "cpe:/a:andy_armstrong:cgi.pm:1.42", "cpe:/a:andy_armstrong:cgi.pm:1.45", "cpe:/a:andy_armstrong:cgi.pm:3.01", "cpe:/a:andy_armstrong:cgi.pm:2.50", "cpe:/a:andy_armstrong:cgi-simple:1.103", "cpe:/a:andy_armstrong:cgi.pm:2.74", "cpe:/a:andy_armstrong:cgi.pm:3.45", "cpe:/a:andy_armstrong:cgi.pm:2.68", "cpe:/a:andy_armstrong:cgi.pm:1.57", "cpe:/a:andy_armstrong:cgi.pm:2.22", "cpe:/a:andy_armstrong:cgi.pm:2.88", "cpe:/a:andy_armstrong:cgi.pm:2.33", "cpe:/a:andy_armstrong:cgi.pm:2.82", "cpe:/a:andy_armstrong:cgi.pm:2.57", "cpe:/a:andy_armstrong:cgi.pm:3.29", "cpe:/a:andy_armstrong:cgi.pm:2.95", "cpe:/a:andy_armstrong:cgi.pm:2.01"], "id": "CVE-2010-2761", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2761", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:andy_armstrong:cgi.pm:3.28:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.22:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.24:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.88:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.44:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.37:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi-simple:1.110:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.90:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.99:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.08:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.59:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.49:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.50:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.57:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.39:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.92:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.30:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.48:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.80:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.48:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.33:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.67:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.50:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.43:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.76:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.58:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.68:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.75:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.44:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.57:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.52:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.40:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.079:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.45:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.70:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:2.34:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.13:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.43:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.46:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.34:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.32:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.24:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.71:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.72:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.31:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.30:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.05:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.95:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.29:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.41:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.109:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.752:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.38:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.108:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.54:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.27:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.27:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.98:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.107:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.40:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.47:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.081:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.36:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.41:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.65:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.66:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.26:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi-simple:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.38:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.62:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.63:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.69:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.12:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.36:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.56:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.46:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.53:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.37:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.82:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.35:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.14:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.96:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.86:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.103:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.105:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.56:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.61:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.87:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.55:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.79:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.111:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.42:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.78:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.83:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.112:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.51:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:2.751:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.04:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.19:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.33:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.42:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.080:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.09:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.85:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.81:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.25:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.18:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.54:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.104:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.93:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.43:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.18:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.47:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.64:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.20:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.25:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.49:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.94:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.51:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.45:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.32:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.23:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.84:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.60:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.31:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.45:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.39:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.26:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.17:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.77:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:2.89:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.06:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.91:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.44:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.35:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.15:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.082:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.28:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.03:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.52:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.55:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.29:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.106:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.73:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.53:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.42:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.74:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.97:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.23:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.11:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.078:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.07:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.16:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:48:02", "description": "CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.", "cvss3": {}, "published": "2010-12-06T20:13:00", "type": "cve", "title": "CVE-2010-4410", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410"], "modified": "2016-12-08T03:01:00", "cpe": ["cpe:/a:andy_armstrong:cgi.pm:2.47", "cpe:/a:andy_armstrong:cgi.pm:2.64", "cpe:/a:andy_armstrong:cgi.pm:3.06", "cpe:/a:andy_armstrong:cgi.pm:2.49", "cpe:/a:andy_armstrong:cgi-simple:0.079", "cpe:/a:andy_armstrong:cgi-simple:0.080", "cpe:/a:andy_armstrong:cgi.pm:2.28", "cpe:/a:andy_armstrong:cgi.pm:3.35", "cpe:/a:andy_armstrong:cgi-simple:1.109", "cpe:/a:andy_armstrong:cgi.pm:3.41", "cpe:/a:andy_armstrong:cgi.pm:3.14", "cpe:/a:andy_armstrong:cgi.pm:2.48", "cpe:/a:andy_armstrong:cgi.pm:2.93", "cpe:/a:andy_armstrong:cgi.pm:2.78", "cpe:/a:andy_armstrong:cgi.pm:2.71", "cpe:/a:andy_armstrong:cgi.pm:2.67", "cpe:/a:andy_armstrong:cgi.pm:2.81", "cpe:/a:andy_armstrong:cgi.pm:1.55", "cpe:/a:andy_armstrong:cgi.pm:3.34", "cpe:/a:andy_armstrong:cgi.pm:2.29", "cpe:/a:andy_armstrong:cgi-simple:1.108", "cpe:/a:andy_armstrong:cgi.pm:3.25", "cpe:/a:andy_armstrong:cgi.pm:2.65", "cpe:/a:andy_armstrong:cgi.pm:3.44", "cpe:/a:andy_armstrong:cgi.pm:1.51", "cpe:/a:andy_armstrong:cgi.pm:2.60", "cpe:/a:andy_armstrong:cgi.pm:3.10", "cpe:/a:andy_armstrong:cgi.pm:1.52", "cpe:/a:andy_armstrong:cgi.pm:2.0", "cpe:/a:andy_armstrong:cgi.pm:2.13", "cpe:/a:andy_armstrong:cgi.pm:3.39", "cpe:/a:andy_armstrong:cgi.pm:1.56", "cpe:/a:andy_armstrong:cgi.pm:1.44", "cpe:/a:andy_armstrong:cgi.pm:2.77", "cpe:/a:andy_armstrong:cgi.pm:3.13", "cpe:/a:andy_armstrong:cgi.pm:2.32", "cpe:/a:andy_armstrong:cgi.pm:2.34", "cpe:/a:andy_armstrong:cgi.pm:2.25", "cpe:/a:andy_armstrong:cgi.pm:2.94", "cpe:/a:andy_armstrong:cgi.pm:1.43", 
"cpe:/a:andy_armstrong:cgi.pm:3.12", "cpe:/a:andy_armstrong:cgi.pm:2.44", "cpe:/a:andy_armstrong:cgi.pm:2.14", "cpe:/a:andy_armstrong:cgi.pm:2.30", "cpe:/a:andy_armstrong:cgi-simple:1.1.1", "cpe:/a:andy_armstrong:cgi-simple:1.107", "cpe:/a:andy_armstrong:cgi.pm:3.31", "cpe:/a:andy_armstrong:cgi.pm:2.27", "cpe:/a:andy_armstrong:cgi.pm:3.23", "cpe:/a:andy_armstrong:cgi.pm:2.41", "cpe:/a:andy_armstrong:cgi.pm:2.76", "cpe:/a:andy_armstrong:cgi.pm:3.03", "cpe:/a:andy_armstrong:cgi.pm:2.83", "cpe:/a:andy_armstrong:cgi.pm:2.43", "cpe:/a:andy_armstrong:cgi.pm:2.21", "cpe:/a:andy_armstrong:cgi.pm:1.53", "cpe:/a:andy_armstrong:cgi.pm:2.87", "cpe:/a:andy_armstrong:cgi.pm:2.42", "cpe:/a:andy_armstrong:cgi.pm:3.46", "cpe:/a:andy_armstrong:cgi.pm:2.40", "cpe:/a:andy_armstrong:cgi-simple:0.082", "cpe:/a:andy_armstrong:cgi.pm:3.37", "cpe:/a:andy_armstrong:cgi.pm:2.15", "cpe:/a:andy_armstrong:cgi.pm:2.99", "cpe:/a:andy_armstrong:cgi.pm:3.47", "cpe:/a:andy_armstrong:cgi.pm:2.92", "cpe:/a:andy_armstrong:cgi-simple:1.112", "cpe:/a:andy_armstrong:cgi.pm:2.46", "cpe:/a:andy_armstrong:cgi.pm:2.51", "cpe:/a:andy_armstrong:cgi.pm:3.00", "cpe:/a:andy_armstrong:cgi.pm:2.38", "cpe:/a:andy_armstrong:cgi.pm:3.22", "cpe:/a:andy_armstrong:cgi.pm:2.75", "cpe:/a:andy_armstrong:cgi.pm:3.43", "cpe:/a:andy_armstrong:cgi.pm:2.45", "cpe:/a:andy_armstrong:cgi.pm:2.53", "cpe:/a:andy_armstrong:cgi.pm:2.69", "cpe:/a:andy_armstrong:cgi.pm:2.23", "cpe:/a:andy_armstrong:cgi.pm:1.4", "cpe:/a:andy_armstrong:cgi.pm:2.20", "cpe:/a:andy_armstrong:cgi-simple:1.0", "cpe:/a:andy_armstrong:cgi.pm:2.96", "cpe:/a:andy_armstrong:cgi-simple:0.078", "cpe:/a:andy_armstrong:cgi-simple:1.111", "cpe:/a:andy_armstrong:cgi.pm:2.31", "cpe:/a:andy_armstrong:cgi-simple:1.1.2", "cpe:/a:andy_armstrong:cgi.pm:3.07", "cpe:/a:andy_armstrong:cgi.pm:3.40", "cpe:/a:andy_armstrong:cgi.pm:2.97", "cpe:/a:andy_armstrong:cgi.pm:2.63", "cpe:/a:andy_armstrong:cgi.pm:3.20", "cpe:/a:andy_armstrong:cgi.pm:2.84", "cpe:/a:andy_armstrong:cgi.pm:1.54", 
"cpe:/a:andy_armstrong:cgi.pm:2.39", "cpe:/a:andy_armstrong:cgi-simple:1.106", "cpe:/a:andy_armstrong:cgi.pm:3.04", "cpe:/a:andy_armstrong:cgi.pm:2.56", "cpe:/a:andy_armstrong:cgi-simple:1.1", "cpe:/a:andy_armstrong:cgi.pm:3.30", "cpe:/a:andy_armstrong:cgi.pm:3.09", "cpe:/a:andy_armstrong:cgi.pm:3.49", "cpe:/a:andy_armstrong:cgi.pm:2.59", "cpe:/a:andy_armstrong:cgi.pm:3.32", "cpe:/a:andy_armstrong:cgi.pm:2.17", "cpe:/a:andy_armstrong:cgi.pm:2.24", "cpe:/a:andy_armstrong:cgi.pm:2.751", "cpe:/a:andy_armstrong:cgi.pm:2.36", "cpe:/a:andy_armstrong:cgi.pm:2.79", "cpe:/a:andy_armstrong:cgi.pm:3.18", "cpe:/a:andy_armstrong:cgi.pm:2.86", "cpe:/a:andy_armstrong:cgi.pm:2.80", "cpe:/a:andy_armstrong:cgi.pm:2.70", "cpe:/a:andy_armstrong:cgi.pm:2.62", "cpe:/a:andy_armstrong:cgi.pm:3.17", "cpe:/a:andy_armstrong:cgi.pm:3.16", "cpe:/a:andy_armstrong:cgi.pm:2.90", "cpe:/a:andy_armstrong:cgi.pm:3.48", "cpe:/a:andy_armstrong:cgi.pm:2.58", "cpe:/a:andy_armstrong:cgi.pm:3.21", "cpe:/a:andy_armstrong:cgi.pm:3.26", "cpe:/a:andy_armstrong:cgi.pm:3.05", "cpe:/a:andy_armstrong:cgi-simple:1.110", "cpe:/a:andy_armstrong:cgi.pm:2.37", "cpe:/a:andy_armstrong:cgi.pm:2.16", "cpe:/a:andy_armstrong:cgi.pm:2.54", "cpe:/a:andy_armstrong:cgi.pm:3.36", "cpe:/a:andy_armstrong:cgi.pm:3.27", "cpe:/a:andy_armstrong:cgi.pm:2.98", "cpe:/a:andy_armstrong:cgi.pm:2.66", "cpe:/a:andy_armstrong:cgi.pm:3.33", "cpe:/a:andy_armstrong:cgi.pm:3.38", "cpe:/a:andy_armstrong:cgi-simple:0.83", "cpe:/a:andy_armstrong:cgi.pm:2.19", "cpe:/a:andy_armstrong:cgi.pm:3.28", "cpe:/a:andy_armstrong:cgi-simple:0.081", "cpe:/a:andy_armstrong:cgi.pm:3.08", "cpe:/a:andy_armstrong:cgi.pm:2.26", "cpe:/a:andy_armstrong:cgi.pm:2.73", "cpe:/a:andy_armstrong:cgi-simple:1.105", "cpe:/a:andy_armstrong:cgi.pm:2.752", "cpe:/a:andy_armstrong:cgi.pm:3.11", "cpe:/a:andy_armstrong:cgi.pm:2.52", "cpe:/a:andy_armstrong:cgi.pm:1.50", "cpe:/a:andy_armstrong:cgi.pm:2.55", "cpe:/a:andy_armstrong:cgi.pm:2.72", "cpe:/a:andy_armstrong:cgi.pm:2.91", 
"cpe:/a:andy_armstrong:cgi-simple:1.104", "cpe:/a:andy_armstrong:cgi.pm:3.19", "cpe:/a:andy_armstrong:cgi.pm:3.24", "cpe:/a:andy_armstrong:cgi.pm:2.18", "cpe:/a:andy_armstrong:cgi.pm:2.85", "cpe:/a:andy_armstrong:cgi.pm:2.35", "cpe:/a:andy_armstrong:cgi.pm:2.61", "cpe:/a:andy_armstrong:cgi.pm:2.89", "cpe:/a:andy_armstrong:cgi.pm:3.15", "cpe:/a:andy_armstrong:cgi.pm:3.42", "cpe:/a:andy_armstrong:cgi.pm:1.42", "cpe:/a:andy_armstrong:cgi.pm:1.45", "cpe:/a:andy_armstrong:cgi.pm:3.01", "cpe:/a:andy_armstrong:cgi.pm:2.50", "cpe:/a:andy_armstrong:cgi-simple:1.103", "cpe:/a:andy_armstrong:cgi.pm:2.74", "cpe:/a:andy_armstrong:cgi.pm:3.45", "cpe:/a:andy_armstrong:cgi.pm:2.68", "cpe:/a:andy_armstrong:cgi.pm:1.57", "cpe:/a:andy_armstrong:cgi.pm:2.22", "cpe:/a:andy_armstrong:cgi.pm:2.88", "cpe:/a:andy_armstrong:cgi.pm:2.82", "cpe:/a:andy_armstrong:cgi.pm:2.33", "cpe:/a:andy_armstrong:cgi.pm:3.29", "cpe:/a:andy_armstrong:cgi.pm:2.57", "cpe:/a:andy_armstrong:cgi.pm:2.01", "cpe:/a:andy_armstrong:cgi.pm:2.95", "cpe:/a:andy_armstrong:cgi.pm:3.02"], "id": "CVE-2010-4410", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4410", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:andy_armstrong:cgi.pm:3.28:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.22:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.24:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.88:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.44:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.37:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.110:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.90:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.99:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.08:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.59:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.49:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.50:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.57:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.39:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.92:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.30:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.48:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.80:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.48:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.33:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.67:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.50:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.43:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.76:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.58:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.68:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.75:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.44:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.57:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.52:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.40:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.079:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.45:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.70:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.34:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.43:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.46:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.13:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.34:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.32:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.71:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:2.24:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.72:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.30:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.31:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.05:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.95:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.29:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.41:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.109:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.38:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.752:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.108:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.54:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.27:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.27:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.98:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.107:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.40:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.47:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.081:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.36:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.41:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.65:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.66:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.26:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.38:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.62:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.63:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.69:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:3.12:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.36:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.46:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.56:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.53:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.37:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.82:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.35:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.14:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.96:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.86:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.103:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.105:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.56:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.61:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.87:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.55:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.79:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.111:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.42:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.78:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.83:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.112:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.51:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.751:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.04:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.19:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.42:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.33:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.080:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.09:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.85:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:2.81:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.18:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.25:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.54:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.104:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.93:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.43:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.18:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.47:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.64:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.20:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.25:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.94:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.49:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.51:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:1.45:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.32:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.23:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.84:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.60:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.31:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.45:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.39:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.26:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.77:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.17:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.89:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.06:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.91:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.44:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.35:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.15:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.082:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.28:*:*:*:*:*:*:*", 
"cpe:2.3:a:andy_armstrong:cgi.pm:3.03:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.55:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.52:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.29:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.106:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.73:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.53:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.42:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.74:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.97:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:2.23:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.11:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi-simple:0.078:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.07:*:*:*:*:*:*:*", "cpe:2.3:a:andy_armstrong:cgi.pm:3.16:*:*:*:*:*:*:*"]}], "metasploit": [{"lastseen": "2021-05-26T02:42:34", "description": "\n", "edition": 2, "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Cent OS: CVE-2010-2761: CESA-2011:1797 (perl)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/CENTOS_LINUX-CVE-2010-2761/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-04-11T03:36:23", "description": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 
1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.", "cvss3": {}, "published": "2010-12-06T20:12:00", "type": "debiancve", "title": "CVE-2010-2761", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172"], "modified": "2010-12-06T20:12:00", "id": "DEBIANCVE:CVE-2010-2761", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2761", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-11T03:36:23", "description": "CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.", "cvss3": {}, "published": "2010-12-06T20:13:00", "type": "debiancve", "title": "CVE-2010-4410", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", 
"baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410"], "modified": "2010-12-06T20:13:00", "id": "DEBIANCVE:CVE-2010-4410", "href": "https://security-tracker.debian.org/tracker/CVE-2010-4410", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "f5": [{"lastseen": "2017-09-14T01:58:00", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 
11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {}, "published": "2017-09-14T01:12:00", "type": "f5", "title": "CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4410", "CVE-2010-2761", "CVE-2010-3172"], "modified": "2017-09-14T01:12:00", "id": "F5:K55423848", "href": "https://support.f5.com/csp/article/K55423848", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2022-01-17T19:13:33", "description": "### Background\n\nBugzilla is the bug-tracking system from the Mozilla project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. \n\nA local attacker could disclose the contents of temporarfy files for uploaded attachments. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Bugzilla users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/bugzilla-3.6.6\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. 
It is likely that your system is already no longer affected by this issue.", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "gentoo", "title": "Bugzilla: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2761", "CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4569", "CVE-2010-4570", "CVE-2010-4572", "CVE-2011-0046", "CVE-2011-0048", "CVE-2011-2379", "CVE-2011-2380", "CVE-2011-2381", "CVE-2011-2976", "CVE-2011-2977", "CVE-2011-2978", "CVE-2011-2979"], "modified": "2011-10-10T00:00:00", "id": "GLSA-201110-03", "href": "https://security.gentoo.org/glsa/201110-03", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}