Описание
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | dropped by debian |
| hardy | ignored | end of life |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | not-affected | 3.6.3.0-1 |
| oneiric | not-affected | 3.6.3.0-1 |
| precise | DNE | dropped by debian |
| quantal | DNE | dropped by debian |
Показывать по
Ссылки на источники
EPSS
2.6 Low
CVSS2
Связанные уязвимости
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3. ...
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
EPSS
2.6 Low
CVSS2