CVE-2010-4572: Code Injection
First published: Fri Jan 28 2011(Updated: )
CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =2.0 | |
| Mozilla Bugzilla | =2.18.6\+ | |
| Mozilla Bugzilla | =2.16.8 | |
| Mozilla Bugzilla | =2.22.7 | |
| Mozilla Bugzilla | =3.4.3 | |
| Mozilla Bugzilla | =2.16_rc2 | |
| Mozilla Bugzilla | =2.18.8 | |
| Mozilla Bugzilla | =2.17.6 | |
| Mozilla Bugzilla | =2.16-rc2 | |
| Mozilla Bugzilla | =3.2-rc1 | |
| Mozilla Bugzilla | =2.18.5 | |
| Mozilla Bugzilla | =2.19.3 | |
| Mozilla Bugzilla | =2.20-rc2 | |
| Mozilla Bugzilla | =2.18.6 | |
| Mozilla Bugzilla | =2.17.2 | |
| Mozilla Bugzilla | =2.20-rc1 | |
| Mozilla Bugzilla | =2.16.1 | |
| Mozilla Bugzilla | =2.20 | |
| Mozilla Bugzilla | =2.19 | |
| Mozilla Bugzilla | =2.18-rc1 | |
| Mozilla Bugzilla | =3.6.1 | |
| Mozilla Bugzilla | =3.2.6 | |
| Mozilla Bugzilla | =3.6.0 | |
| Mozilla Bugzilla | =3.4.2 | |
| Mozilla Bugzilla | =2.16.2 | |
| Mozilla Bugzilla | =2.16.11 | |
| Mozilla Bugzilla | =3.6.3 | |
| Mozilla Bugzilla | =3.2.5 | |
| Mozilla Bugzilla | =2.20.5 | |
| Mozilla Bugzilla | =2.20.6 | |
| Mozilla Bugzilla | =2.22.3 | |
| Mozilla Bugzilla | =2.22.6 | |
| Mozilla Bugzilla | =2.17.4 | |
| Mozilla Bugzilla | =2.16-rc1 | |
| Mozilla Bugzilla | =2.23.2 | |
| Mozilla Bugzilla | =2.21.2 | |
| Mozilla Bugzilla | =2.10 | |
| Mozilla Bugzilla | =2.17.1 | |
| Mozilla Bugzilla | =3.2.3 | |
| Mozilla Bugzilla | =2.16 | |
| Mozilla Bugzilla | =2.22.1 | |
| Mozilla Bugzilla | =2.23.4 | |
| Mozilla Bugzilla | =2.16.9 | |
| Mozilla Bugzilla | =3.4.9 | |
| Mozilla Bugzilla | =2.20.1 | |
| Mozilla Bugzilla | =2.23.3 | |
| Mozilla Bugzilla | =2.14.2 | |
| Mozilla Bugzilla | =3.2.8 | |
| Mozilla Bugzilla | =2.18.7 | |
| Mozilla Bugzilla | =2.23.1 | |
| Mozilla Bugzilla | =2.22.2 | |
| Mozilla Bugzilla | =2.18.1 | |
| Mozilla Bugzilla | =2.22-rc1 | |
| Mozilla Bugzilla | =2.14.3 | |
| Mozilla Bugzilla | =2.22.5 | |
| Mozilla Bugzilla | =3.4.1 | |
| Mozilla Bugzilla | =3.4.4 | |
| Mozilla Bugzilla | =2.14.4 | |
| Mozilla Bugzilla | =3.4.8 | |
| Mozilla Bugzilla | =2.19.1 | |
| Mozilla Bugzilla | =2.16.7 | |
| Mozilla Bugzilla | =2.6 | |
| Mozilla Bugzilla | =3.4.7 | |
| Mozilla Bugzilla | =2.17.5 | |
| Mozilla Bugzilla | =2.22 | |
| Mozilla Bugzilla | =2.17.3 | |
| Mozilla Bugzilla | =2.4 | |
| Mozilla Bugzilla | =2.16.4 | |
| Mozilla Bugzilla | =2.12 | |
| Mozilla Bugzilla | =3.2 | |
| Mozilla Bugzilla | =2.20.3 | |
| Mozilla Bugzilla | =2.8 | |
| Mozilla Bugzilla | =3.2.4 | |
| Mozilla Bugzilla | =2.2 | |
| Mozilla Bugzilla | =2.18.4 | |
| Mozilla Bugzilla | =3.2.2 | |
| Mozilla Bugzilla | =2.16.3 | |
| Mozilla Bugzilla | =2.14.5 | |
| Mozilla Bugzilla | =2.18.9 | |
| Mozilla Bugzilla | =2.18 | |
| Mozilla Bugzilla | =2.18.3 | |
| Mozilla Bugzilla | =2.17.7 | |
| Mozilla Bugzilla | =2.20.7 | |
| Mozilla Bugzilla | =4.0-rc1 | |
| Mozilla Bugzilla | =2.20.2 | |
| Mozilla Bugzilla | =2.20.4 | |
| Mozilla Bugzilla | =2.21.1 | |
| Mozilla Bugzilla | =2.18-rc3 | |
| Mozilla Bugzilla | <=3.2.9 | |
| Mozilla Bugzilla | =2.17 | |
| Mozilla Bugzilla | =2.23 | |
| Mozilla Bugzilla | =2.16.6 | |
| Mozilla Bugzilla | =3.2.7 | |
| Mozilla Bugzilla | =2.9 | |
| Mozilla Bugzilla | =2.18.2 | |
| Mozilla Bugzilla | =2.18-rc2 | |
| Mozilla Bugzilla | =3.4.5 | |
| Mozilla Bugzilla | =3.2-rc2 | |
| Mozilla Bugzilla | =2.14.1 | |
| Mozilla Bugzilla | =2.22.4 | |
| Mozilla Bugzilla | =2.21 | |
| Mozilla Bugzilla | =3.2.1 | |
| Mozilla Bugzilla | =2.16.5 | |
| Mozilla Bugzilla | =3.4.6 | |
| Mozilla Bugzilla | =3.6.2 | |
| Mozilla Bugzilla | =2.14 | |
| Mozilla Bugzilla | =4.0 | |
| Mozilla Bugzilla | =2.19.2 | |
| Mozilla Bugzilla | =2.16.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/43033
- http://www.securityfocus.com/bid/45982
- http://www.vupen.com/english/advisories/2011/0207
- http://www.bugzilla.org/security/3.2.9/
- https://bugzilla.mozilla.org/show_bug.cgi?id=621572
- http://osvdb.org/70703
- http://secunia.com/advisories/43165
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
- http://www.vupen.com/english/advisories/2011/0271
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
- http://www.debian.org/security/2011/dsa-2322
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65440
Frequently Asked Questions
What is the severity of CVE-2010-4572?
CVE-2010-4572 has a moderate severity rating as it allows attackers to inject arbitrary HTTP headers.
How do I fix CVE-2010-4572?
To fix CVE-2010-4572, update Bugzilla to the latest version that includes security patches addressing this vulnerability.
What versions of Bugzilla are affected by CVE-2010-4572?
CVE-2010-4572 affects Bugzilla versions before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2.
What types of attacks can be conducted using CVE-2010-4572?
Attackers can use CVE-2010-4572 to conduct HTTP response splitting attacks through CRLF injection.
Is CVE-2010-4572 related to any other vulnerabilities?
CVE-2010-4572 is a different vulnerability than CVE-2010-276 despite both relating to security issues in Bugzilla.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/2.0
- version/mozilla bugzilla/2.18.6\+
- version/mozilla bugzilla/2.16.8
- version/mozilla bugzilla/2.22.7
- version/mozilla bugzilla/3.4.3
- version/mozilla bugzilla/2.16_rc2
- version/mozilla bugzilla/2.18.8
- version/mozilla bugzilla/2.17.6
- version/mozilla bugzilla/2.16-rc2
- version/mozilla bugzilla/3.2-rc1
- version/mozilla bugzilla/2.18.5
- version/mozilla bugzilla/2.19.3
- version/mozilla bugzilla/2.20-rc2
- version/mozilla bugzilla/2.18.6
- version/mozilla bugzilla/2.17.2
- version/mozilla bugzilla/2.20-rc1
- version/mozilla bugzilla/2.16.1
- version/mozilla bugzilla/2.20
- version/mozilla bugzilla/2.19
- version/mozilla bugzilla/2.18-rc1
- version/mozilla bugzilla/3.6.1
- version/mozilla bugzilla/3.2.6
- version/mozilla bugzilla/3.6.0
- version/mozilla bugzilla/3.4.2
- version/mozilla bugzilla/2.16.2
- version/mozilla bugzilla/2.16.11
- version/mozilla bugzilla/3.6.3
- version/mozilla bugzilla/3.2.5
- version/mozilla bugzilla/2.20.5
- version/mozilla bugzilla/2.20.6
- version/mozilla bugzilla/2.22.3
- version/mozilla bugzilla/2.22.6
- version/mozilla bugzilla/2.17.4
- version/mozilla bugzilla/2.16-rc1
- version/mozilla bugzilla/2.23.2
- version/mozilla bugzilla/2.21.2
- version/mozilla bugzilla/2.10
- version/mozilla bugzilla/2.17.1
- version/mozilla bugzilla/3.2.3
- version/mozilla bugzilla/2.16
- version/mozilla bugzilla/2.22.1
- version/mozilla bugzilla/2.23.4
- version/mozilla bugzilla/2.16.9
- version/mozilla bugzilla/3.4.9
- version/mozilla bugzilla/2.20.1
- version/mozilla bugzilla/2.23.3
- version/mozilla bugzilla/2.14.2
- version/mozilla bugzilla/3.2.8
- version/mozilla bugzilla/2.18.7
- version/mozilla bugzilla/2.23.1
- version/mozilla bugzilla/2.22.2
- version/mozilla bugzilla/2.18.1
- version/mozilla bugzilla/2.22-rc1
- version/mozilla bugzilla/2.14.3
- version/mozilla bugzilla/2.22.5
- version/mozilla bugzilla/3.4.1
- version/mozilla bugzilla/3.4.4
- version/mozilla bugzilla/2.14.4
- version/mozilla bugzilla/3.4.8
- version/mozilla bugzilla/2.19.1
- version/mozilla bugzilla/2.16.7
- version/mozilla bugzilla/2.6
- version/mozilla bugzilla/3.4.7
- version/mozilla bugzilla/2.17.5
- version/mozilla bugzilla/2.22
- version/mozilla bugzilla/2.17.3
- version/mozilla bugzilla/2.4
- version/mozilla bugzilla/2.16.4
- version/mozilla bugzilla/2.12
- version/mozilla bugzilla/3.2
- version/mozilla bugzilla/2.20.3
- version/mozilla bugzilla/2.8
- version/mozilla bugzilla/3.2.4
- version/mozilla bugzilla/2.2
- version/mozilla bugzilla/2.18.4
- version/mozilla bugzilla/3.2.2
- version/mozilla bugzilla/2.16.3
- version/mozilla bugzilla/2.14.5
- version/mozilla bugzilla/2.18.9
- version/mozilla bugzilla/2.18
- version/mozilla bugzilla/2.18.3
- version/mozilla bugzilla/2.17.7
- version/mozilla bugzilla/2.20.7
- version/mozilla bugzilla/4.0-rc1
- version/mozilla bugzilla/2.20.2
- version/mozilla bugzilla/2.20.4
- version/mozilla bugzilla/2.21.1
- version/mozilla bugzilla/2.18-rc3
- version/mozilla bugzilla/3.2.9
- version/mozilla bugzilla/2.17
- version/mozilla bugzilla/2.23
- version/mozilla bugzilla/2.16.6
- version/mozilla bugzilla/3.2.7
- version/mozilla bugzilla/2.9
- version/mozilla bugzilla/2.18.2
- version/mozilla bugzilla/2.18-rc2
- version/mozilla bugzilla/3.4.5
- version/mozilla bugzilla/3.2-rc2
- version/mozilla bugzilla/2.14.1
- version/mozilla bugzilla/2.22.4
- version/mozilla bugzilla/2.21
- version/mozilla bugzilla/3.2.1
- version/mozilla bugzilla/2.16.5
- version/mozilla bugzilla/3.4.6
- version/mozilla bugzilla/3.6.2
- version/mozilla bugzilla/2.14
- version/mozilla bugzilla/4.0
- version/mozilla bugzilla/2.19.2
- version/mozilla bugzilla/2.16.10