5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
79.9%
The remote web server is hosting Bugzilla, a web-based bug tracking application.
Versions of Bugzilla 3.2.x earlier than 3.2.9, 3.4.x earlier than 3.4.9, and 3.6.x earlier than 3.6.3 are potentially affected by multiple vulnerabilities :
By inserting a certain string into a URL, it is possible to inject both headers and content to any browser that supports “Server Push”. (CVE-2010-3172)
The Charts system generates graphs with predictable names into the ‘graphs/’ directory, which can also be browsed to see its contents. (CVE-2010-3764)
YUI 2.8.1 is vulnerable to a cross-site scripting vulnerability in certain .swf files.
Binary data 5700.prm