Back to search
CVE-2010-4568
Published: Jan 28, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
45982
vdb-entry
x_refsource_BID
43165
third-party-advisory
x_refsource_SECUNIA
70700
vdb-entry
x_refsource_OSVDB
http://www.bugzilla.org/security/3.2.9/
x_refsource_CONFIRM
FEDORA-2011-0741
vendor-advisory
x_refsource_FEDORA
ADV-2011-0271
vdb-entry
x_refsource_VUPEN
https://bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff
x_refsource_CONFIRM
43033
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
x_refsource_CONFIRM
ADV-2011-0207
vdb-entry
x_refsource_VUPEN
FEDORA-2011-0755
vendor-advisory
x_refsource_FEDORA
DSA-2322
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
x_refsource_CONFIRM
bugzilla-number-security-bypass(65001)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now