Executive Summary
| Information | | | |
|---|---|---|---|
| Name | CVE-2010-4572 | First vendor publication | 2011-01-28 |
| Vendor | CVE | Last vendor modification | 2011-10-25 |
Security-Database Scoring CVSS v2
| CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | | | |
|---|---|---|---|
| CVSS Base Score | 4.3 | Attack Range | Network |
| CVSS Impact Score | 2.9 | Attack Complexity | Medium |
| CVSS Exploit Score | 8.6 | Authentication | None Required |
Detail
CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411.
Original Source
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4572
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 70703 | Bugzilla chart.cgi Query String HTTP Response Splitting CRLF Injection |
Internal Sources (Detail)
Alert History
| Date | Information |
|---|---|
| 2013-05-10 23:38:44 | |
