Bugzilla Response Splitting And Security Bypass Vulnerabilities Network Vulnerability

Summary

Bugzilla is prone to a response-splitting vulnerability and a security- bypass vulnerability. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions obtain sensitive information and influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to instill client users with a false sense of trust. These issues affect versions prior to 3.2.9, 3.4.9, and 3.6.3.

Solution

Updates are available. Please see the references for more information.

References

http://www.bugzilla.org
http://www.bugzilla.org/security/3.2.8/
https://www.securityfocus.com/bid/44618

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3172, CVE-2010-3764
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat DOS Device Name XSS
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AlienForm CGI script
/cgi-bin directory browsable ?

Bugzilla Response Splitting and Security Bypass Vulnerabilities

Take action and discover your vulnerabilities