Lucene search
HistoryAug 09, 2011 - 7:55 p.m.
CVE-2011-2381
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.012
Percentile
85.1%
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
Affected configurations
Node
mozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
ORmozillabugzillaMatch2.17.5
ORmozillabugzillaMatch2.17.6
ORmozillabugzillaMatch2.17.7
ORmozillabugzillaMatch2.18
ORmozillabugzillaMatch2.18rc1
ORmozillabugzillaMatch2.18rc2
ORmozillabugzillaMatch2.18rc3
ORmozillabugzillaMatch2.18.1
ORmozillabugzillaMatch2.18.2
ORmozillabugzillaMatch2.18.3
ORmozillabugzillaMatch2.18.4
ORmozillabugzillaMatch2.18.5
ORmozillabugzillaMatch2.18.6
ORmozillabugzillaMatch2.19
ORmozillabugzillaMatch2.19.1
ORmozillabugzillaMatch2.19.2
ORmozillabugzillaMatch2.19.3
ORmozillabugzillaMatch2.20
ORmozillabugzillaMatch2.20rc1
ORmozillabugzillaMatch2.20rc2
ORmozillabugzillaMatch2.20.1
ORmozillabugzillaMatch2.20.2
ORmozillabugzillaMatch2.20.3
ORmozillabugzillaMatch2.20.4
ORmozillabugzillaMatch2.20.5
ORmozillabugzillaMatch2.20.6
ORmozillabugzillaMatch2.20.7
ORmozillabugzillaMatch2.21
ORmozillabugzillaMatch2.21.1
ORmozillabugzillaMatch2.21.2
ORmozillabugzillaMatch2.22
ORmozillabugzillaMatch2.22rc1
ORmozillabugzillaMatch2.22.1
ORmozillabugzillaMatch2.22.2
ORmozillabugzillaMatch2.22.3
ORmozillabugzillaMatch2.22.4
ORmozillabugzillaMatch2.22.5
ORmozillabugzillaMatch2.22.6
ORmozillabugzillaMatch2.22.7
Node
mozillabugzillaMatch3.4
ORmozillabugzillaMatch3.4rc1
ORmozillabugzillaMatch3.4.1
ORmozillabugzillaMatch3.4.2
ORmozillabugzillaMatch3.4.3
ORmozillabugzillaMatch3.4.4
ORmozillabugzillaMatch3.4.5
ORmozillabugzillaMatch3.4.6
ORmozillabugzillaMatch3.4.7
ORmozillabugzillaMatch3.4.8
ORmozillabugzillaMatch3.4.9
ORmozillabugzillaMatch3.4.10
ORmozillabugzillaMatch3.4.11
Node
mozillabugzillaMatch3.5
ORmozillabugzillaMatch3.5.1
ORmozillabugzillaMatch3.5.2
ORmozillabugzillaMatch3.5.3
Node
mozillabugzillaMatch3.6
ORmozillabugzillaMatch3.6rc1
ORmozillabugzillaMatch3.6.0
ORmozillabugzillaMatch3.6.1
ORmozillabugzillaMatch3.6.2
ORmozillabugzillaMatch3.6.3
ORmozillabugzillaMatch3.6.4
ORmozillabugzillaMatch3.6.5
Node
mozillabugzillaMatch3.7
ORmozillabugzillaMatch3.7.1
ORmozillabugzillaMatch3.7.2
ORmozillabugzillaMatch3.7.3
Node
mozillabugzillaMatch4.0
ORmozillabugzillaMatch4.0rc1
ORmozillabugzillaMatch4.0rc2
ORmozillabugzillaMatch4.0.1
Node
mozillabugzillaMatch4.1
ORmozillabugzillaMatch4.1.1
ORmozillabugzillaMatch4.1.2
Node
mozillabugzillaMatch3.0
ORmozillabugzillaMatch3.0rc1
ORmozillabugzillaMatch3.0.0
ORmozillabugzillaMatch3.0.1
ORmozillabugzillaMatch3.0.2
ORmozillabugzillaMatch3.0.3
ORmozillabugzillaMatch3.0.4
ORmozillabugzillaMatch3.0.5
ORmozillabugzillaMatch3.0.6
ORmozillabugzillaMatch3.0.7
ORmozillabugzillaMatch3.0.8
ORmozillabugzillaMatch3.0.9
ORmozillabugzillaMatch3.0.10
ORmozillabugzillaMatch3.0.11
ORmozillabugzillaMatch3.1.0
ORmozillabugzillaMatch3.1.1
ORmozillabugzillaMatch3.1.2
ORmozillabugzillaMatch3.1.3
ORmozillabugzillaMatch3.1.4
ORmozillabugzillaMatch3.2
ORmozillabugzillaMatch3.2rc1
ORmozillabugzillaMatch3.2rc2
ORmozillabugzillaMatch3.2.1
ORmozillabugzillaMatch3.2.2
ORmozillabugzillaMatch3.2.3
ORmozillabugzillaMatch3.2.4
ORmozillabugzillaMatch3.2.5
ORmozillabugzillaMatch3.2.6
ORmozillabugzillaMatch3.2.7
ORmozillabugzillaMatch3.2.8
ORmozillabugzillaMatch3.2.9
ORmozillabugzillaMatch3.2.10
ORmozillabugzillaMatch3.3
ORmozillabugzillaMatch3.3.1
ORmozillabugzillaMatch3.3.2
ORmozillabugzillaMatch3.3.3
ORmozillabugzillaMatch3.3.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 2.17.1 | cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.17.3 | cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.17.4 | cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.17.5 | cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.17.6 | cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.17.7 | cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:* |
| mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:* |
| mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:* |
Related
cve
cve
CVE-2011-2381
2011-08-09 19:55:01
cvelist
cvelist
CVE-2011-2381
2011-08-09 19:00:00
ubuntucve
ubuntucve
CVE-2011-2381
2011-08-09 00:00:00
prion
prion
Crlf injection
2011-08-09 19:55:00
fedora
fedora
[SECURITY] Fedora 15 Update: bugzilla-3.6.6-1.fc15
2011-08-19 21:56:52
[SECURITY] Fedora 14 Update: bugzilla-3.6.6-1.fc14
2011-08-19 22:00:40
[SECURITY] Fedora 16 Update: bugzilla-4.0.2-1.fc16
2011-08-22 15:04:40
nessus
nessus
Fedora 15 : bugzilla-3.6.6-1.fc15 (2011-10426)
2011-08-20 00:00:00
Fedora 14 : bugzilla-3.6.6-1.fc14 (2011-10413)
2011-08-20 00:00:00
Fedora 16 : bugzilla-4.0.2-1.fc16 (2011-10399)
2011-08-23 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2011-10413
2011-08-24 00:00:00
Fedora Update for bugzilla FEDORA-2011-10399
2012-04-02 00:00:00
Fedora Update for bugzilla FEDORA-2011-10413
2011-08-24 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2011-08-04 00:00:00
debian
debian
[SECURITY] [DSA 2322-1] bugzilla security update
2011-10-10 16:12:14
osv
osv
bugzilla - several
2011-10-10 00:00:00
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2011-10-10 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.012
Percentile
85.1%
Related for NVD:CVE-2011-2381