Lucene search

[email protected]NVD:CVE-2010-4568

HistoryJan 28, 2011 - 4:00 p.m.

CVE-2010-4568

2011-01-2816:00:02

CWE-264

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

Affected configurations

NVD

Node

mozillabugzillaMatch2.14

mozillabugzillaMatch2.14.1

mozillabugzillaMatch2.14.2

mozillabugzillaMatch2.14.3

mozillabugzillaMatch2.14.4

mozillabugzillaMatch2.14.5

mozillabugzillaMatch2.16

mozillabugzillaMatch2.16rc1

mozillabugzillaMatch2.16rc2

mozillabugzillaMatch2.16.1

mozillabugzillaMatch2.16.2

mozillabugzillaMatch2.16.3

mozillabugzillaMatch2.16.4

mozillabugzillaMatch2.16.5

mozillabugzillaMatch2.16.6

mozillabugzillaMatch2.16.7

mozillabugzillaMatch2.16.8

mozillabugzillaMatch2.16.9

mozillabugzillaMatch2.16.10

mozillabugzillaMatch2.16.11

mozillabugzillaMatch2.17

mozillabugzillaMatch2.17.1

mozillabugzillaMatch2.17.3

mozillabugzillaMatch2.17.4

mozillabugzillaMatch2.17.5

mozillabugzillaMatch2.17.6

mozillabugzillaMatch2.17.7

mozillabugzillaMatch2.18

mozillabugzillaMatch2.18rc1

mozillabugzillaMatch2.18rc2

mozillabugzillaMatch2.18rc3

mozillabugzillaMatch2.18.1

mozillabugzillaMatch2.18.2

mozillabugzillaMatch2.18.3

mozillabugzillaMatch2.18.4

mozillabugzillaMatch2.18.5

mozillabugzillaMatch2.18.6

mozillabugzillaMatch2.18.6\+

mozillabugzillaMatch2.19

mozillabugzillaMatch2.19.1

mozillabugzillaMatch2.19.2

mozillabugzillaMatch2.19.3

mozillabugzillaMatch2.20

mozillabugzillaMatch2.20rc1

mozillabugzillaMatch2.20rc2

mozillabugzillaMatch2.20.1

mozillabugzillaMatch2.20.2

mozillabugzillaMatch2.20.3

mozillabugzillaMatch2.20.4

mozillabugzillaMatch2.20.5

mozillabugzillaMatch2.20.6

mozillabugzillaMatch2.20.7

mozillabugzillaMatch2.21

mozillabugzillaMatch2.21.1

mozillabugzillaMatch2.21.2

mozillabugzillaMatch2.22

mozillabugzillaMatch2.22rc1

mozillabugzillaMatch2.22.1

mozillabugzillaMatch2.22.2

mozillabugzillaMatch2.22.3

mozillabugzillaMatch2.22.4

mozillabugzillaMatch2.22.5

mozillabugzillaMatch2.22.6

Node

mozillabugzillaMatch3.0

mozillabugzillaMatch3.0rc1

mozillabugzillaMatch3.0.0

mozillabugzillaMatch3.0.1

mozillabugzillaMatch3.0.2

mozillabugzillaMatch3.0.3

mozillabugzillaMatch3.0.4

mozillabugzillaMatch3.0.5

mozillabugzillaMatch3.0.6

mozillabugzillaMatch3.0.7

mozillabugzillaMatch3.0.8

mozillabugzillaMatch3.0.9

mozillabugzillaMatch3.0.10

mozillabugzillaMatch3.0.11

Node

mozillabugzillaMatch3.1.0

mozillabugzillaMatch3.1.1

mozillabugzillaMatch3.1.2

mozillabugzillaMatch3.1.3

mozillabugzillaMatch3.1.4

Node

mozillabugzillaMatch3.2

mozillabugzillaMatch3.2rc1

mozillabugzillaMatch3.2rc2

mozillabugzillaMatch3.2.1

mozillabugzillaMatch3.2.2

mozillabugzillaMatch3.2.3

mozillabugzillaMatch3.2.4

mozillabugzillaMatch3.2.5

mozillabugzillaMatch3.2.6

mozillabugzillaMatch3.2.7

mozillabugzillaMatch3.2.8

mozillabugzillaMatch3.2.9

Node

mozillabugzillaMatch3.4

mozillabugzillaMatch3.4rc1

mozillabugzillaMatch3.4.1

mozillabugzillaMatch3.4.2

mozillabugzillaMatch3.4.3

mozillabugzillaMatch3.4.4

mozillabugzillaMatch3.4.5

mozillabugzillaMatch3.4.6

mozillabugzillaMatch3.4.7

mozillabugzillaMatch3.4.8

mozillabugzillaMatch3.4.9

Node

mozillabugzillaMatch3.6

mozillabugzillaMatch3.6rc1

mozillabugzillaMatch3.6.0

mozillabugzillaMatch3.6.1

mozillabugzillaMatch3.6.2

mozillabugzillaMatch3.6.3

Node

mozillabugzillaMatch4.0

mozillabugzillaMatch4.0rc1

References

lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

osvdb.org/70700

secunia.com/advisories/43033

secunia.com/advisories/43165

www.bugzilla.org/security/3.2.9/

www.debian.org/security/2011/dsa-2322

www.securityfocus.com/bid/45982

www.vupen.com/english/advisories/2011/0207

www.vupen.com/english/advisories/2011/0271

bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff

bugzilla.mozilla.org/show_bug.cgi?id=619594

bugzilla.mozilla.org/show_bug.cgi?id=621591

exchange.xforce.ibmcloud.com/vulnerabilities/65001

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for NVD:CVE-2010-4568

cve1 ubuntucve1 cvelist1 prion1 openvas10 nessus5 freebsd1 debian1 osv1 gentoo1