User: Password:
Subscribe / Log in / New account

bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):CVE-2010-3764 CVE-2010-3172
Created:November 15, 2010 Updated:January 20, 2011
Description: From the CVE entries:

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. (CVE-2010-3764)

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. (CVE-2010-3172)

Gentoo 201110-03 bugzilla 2011-10-10
openSUSE openSUSE-SU-2011:0020-1 perl-CGI-Simple 2011-01-10
openSUSE openSUSE-SU-2011:0064-1 perl 2011-01-20
Mandriva MDVSA-2010:252 perl-CGI-Simple 2010-12-14
Fedora FEDORA-2010-17235 bugzilla 2010-11-04
Fedora FEDORA-2010-17280 bugzilla 2010-11-04
Fedora FEDORA-2010-17274 bugzilla 2010-11-04

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds