Summary
Bugzilla is prone to a response-splitting vulnerability and a security-bypass vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information, and influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to instill client users with a false sense of trust.
These issues affect versions prior to 3.2.9, 3.4.9, and 3.6.3.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-3172, CVE-2010-3764
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache Struts Directory Traversal Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability