Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4568 | First vendor Publication | 2011-01-28 |
Vendor | Cve | Last vendor Modification | 2017-08-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla) File : nvt/glsa_201110_03.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2322-1 (bugzilla) File : nvt/deb_2322_1.nasl |
2011-03-05 | Name : FreeBSD Ports: bugzilla File : nvt/freebsd_bugzilla12.nasl |
2011-02-04 | Name : Fedora Update for bugzilla FEDORA-2011-0741 File : nvt/gb_fedora_2011_0741_bugzilla_fc14.nasl |
2011-01-26 | Name : Bugzilla Multiple Vulnerabilities File : nvt/gb_bugzilla_45982.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70700 | Bugzilla srand Function Cookie / Token Random Value Weakness Arbitrary Accoun... Bugzilla contains a flaw related to the generating of random values for cookies and tokens. This may allow a remote attacker to obtain access to arbitrary accounts via a vector related to insufficiently random calls to the srand function. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2322.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-03.nasl - Type : ACT_GATHER_INFO |
2011-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0741.nasl - Type : ACT_GATHER_INFO |
2011-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0755.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:12:37 |
|
2021-04-22 01:13:38 |
|
2020-05-23 00:27:04 |
|
2017-08-17 09:23:10 |
|
2016-06-28 18:24:26 |
|
2016-04-26 20:17:52 |
|
2014-02-17 10:59:00 |
|
2013-05-10 23:38:43 |
|