CVE-2010-4572 Information

Feb 14, 2021 cve

Description

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10 3.4.x before 3.4.10 3.6.x before 3.6.4 and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string a different vulnerability than CVE-2010-2761 and CVE-2010-4411.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html http://osvdb.org/70703 http://secunia.com/advisories/43033 http://secunia.com/advisories/43165 http://www.bugzilla.org/security/3.2.9/ http://www.debian.org/security/2011/dsa-2322 http://www.securityfocus.com/bid/45982 http://www.vupen.com/english/advisories/2011/0207 http://www.vupen.com/english/advisories/2011/0271 https://bugzilla.mozilla.org/show_bug.cgi?id=621572 https://exchange.xforce.ibmcloud.com/vulnerabilities/65440

Share on: