Bugzilla Response Splitting

medium Nessus Plugin ID 50599

Synopsis

A web application is affected by a response splitting vulnerability.

Description

The version of Bugzilla hosted on the remote web server allows injection of arbitrary HTTP headers and content when Server Push is enabled in a browser.

Note that the install also likely creates restricted reports in a known location and with predictable names, which can lead to a loss of information, although Nessus has not checked for this.

Solution

Update to Bugzilla 3.2.9 / 3.4.9 / 3.6.3 or later.

See Also

https://www.bugzilla.org/security/3.2.8/

Plugin Details

Severity: Medium

ID: 50599

File Name: bugzilla_response_splitting.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 11/15/2010

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Required KB Items: installed_sw/Bugzilla

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 11/2/2010

Vulnerability Publication Date: 11/2/2010

Reference Information

CVE: CVE-2010-3172

BID: 44618