CVE-2011-2381 Information

Description

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7 3.0.x through 3.3.x 3.4.x before 3.4.12 3.5.x 3.6.x before 3.6.6 3.7.x 4.0.x before 4.0.2 and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.

Reference

http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11/ http://www.debian.org/security/2011/dsa-2322 http://www.osvdb.org/74300 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=657158 https://exchange.xforce.ibmcloud.com/vulnerabilities/69035