Back to search
CVE-2010-3172
Published: Nov 5, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2010-17280
vendor-advisory
x_refsource_FEDORA
ADV-2010-2878
vdb-entry
x_refsource_VUPEN
http://www.bugzilla.org/security/3.2.8/
x_refsource_CONFIRM
FEDORA-2010-17274
vendor-advisory
x_refsource_FEDORA
1024683
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=600464
x_refsource_CONFIRM
FEDORA-2010-17235
vendor-advisory
x_refsource_FEDORA
ADV-2010-2975
vdb-entry
x_refsource_VUPEN
42271
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now