Summary
Bugzilla is prone to a response-splitting vulnerability and a security-bypass vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information, and influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to instill client users with a false sense of trust.
These issues affect versions prior to 3.2.9, 3.4.9, and 3.6.3.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
CVE: CVE-2010-3172, CVE-2010-3764
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities