CVE-2010-4572

N/A Unknown

Published: January 28, 2011 Modified: April 29, 2026

Description

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

Source: cve@mitre.org

http://osvdb.org/70703

Source: cve@mitre.org

http://secunia.com/advisories/43033

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/43165

Source: cve@mitre.org

Vendor Advisory

http://www.bugzilla.org/security/3.2.9/

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2011/dsa-2322

Source: cve@mitre.org

http://www.securityfocus.com/bid/45982

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0207

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0271

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=621572

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/65440

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/70703

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43033

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43165

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.bugzilla.org/security/3.2.9/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2011/dsa-2322

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45982

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0207

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0271

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=621572

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/65440

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

1.8%

76th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

mozilla

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1