4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
83.4%
CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x
before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote
attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via the query string, a different vulnerability than
CVE-2010-2761 and CVE-2010-4411.
Author | Note |
---|---|
sbeattie | debian’s references to CVE-2010-4572 included libcgi-pm-perl, libcgi-simple-perl, and perl, but CVE-2010-4410 is the relevant one for those. |