Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable5700.PRM
HistoryNov 05, 2010 - 12:00 a.m.

Bugzilla < 3.2.9 / 3.4.9 / 3.6.3 Multiple Vulnerabilities

2010-11-0500:00:00
Tenable
www.tenable.com
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON

The remote web server is hosting Bugzilla, a web-based bug tracking application.

Versions of Bugzilla 3.2.x earlier than 3.2.9, 3.4.x earlier than 3.4.9, and 3.6.x earlier than 3.6.3 are potentially affected by multiple vulnerabilities :

  • By inserting a certain string into a URL, it is possible to inject both headers and content to any browser that supports “Server Push”. (CVE-2010-3172)

  • The Charts system generates graphs with predictable names into the ‘graphs/’ directory, which can also be browsed to see its contents. (CVE-2010-3764)

  • YUI 2.8.1 is vulnerable to a cross-site scripting vulnerability in certain .swf files.

Binary data 5700.prm
VendorProductVersionCPE
mozillabugzillacpe:/a:mozilla:bugzilla

Related

openvas 14
fedora 3
securityvulns 3
nessus 13
cvelist 4
cve 4
ubuntucve 4
nvd 4
prion 4
debiancve 2
f5 1
gentoo 1
openvas
openvas
Bugzilla Response Splitting and Security Bypass Vulnerabilities
2010-11-05 00:00:00
Fedora Update for bugzilla FEDORA-2010-17274
2010-12-02 00:00:00
Bugzilla Response Splitting and Security Bypass Vulnerabilities
2010-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: bugzilla-3.6.3-1.fc14
2010-11-14 21:29:45
[SECURITY] Fedora 13 Update: bugzilla-3.4.9-1.fc13
2010-11-14 21:28:33
[SECURITY] Fedora 12 Update: bugzilla-3.4.9-1.fc12
2010-11-14 21:31:53
securityvulns
securityvulns
Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
2010-11-04 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-11-04 00:00:00
[ MDVSA-2010:250 ] perl-CGI-Simple
2010-12-12 00:00:00
nessus
nessus
Fedora 12 : bugzilla-3.4.9-1.fc12 (2010-17235)
2010-11-15 00:00:00
Fedora 14 : bugzilla-3.6.3-1.fc14 (2010-17274)
2010-11-15 00:00:00
Bugzilla Response Splitting
2010-11-15 00:00:00
cvelist
cvelist
CVE-2010-3172
2010-11-05 16:28:00
CVE-2010-3764
2010-11-05 16:28:00
CVE-2010-2761
2010-12-06 20:00:00
cve
cve
CVE-2010-3172
2010-11-05 17:00:02
CVE-2010-3764
2010-11-05 17:00:02
CVE-2010-2761
2010-12-06 20:12:58
ubuntucve
ubuntucve
CVE-2010-3172
2010-11-05 00:00:00
CVE-2010-3764
2010-11-05 00:00:00
CVE-2010-2761
2010-12-06 00:00:00
nvd
nvd
CVE-2010-3172
2010-11-05 17:00:02
CVE-2010-3764
2010-11-05 17:00:02
CVE-2010-2761
2010-12-06 20:12:58
prion
prion
Crlf injection
2010-11-05 17:00:00
Code injection
2010-11-05 17:00:00
Hardcoded credentials
2010-12-06 20:12:00
debiancve
debiancve
CVE-2010-2761
2010-12-06 20:12:58
CVE-2010-4410
2010-12-06 20:13:00
f5
f5
K55423848 : CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410
2017-09-13 00:00:00
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2011-10-10 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON
Related for 5700.PRM
openvas14fedora3securityvulns3nessus13cvelist4cve4ubuntucve4nvd4prion4debiancve2f51gentoo1