CVE Database · CVE-2010-3172
CVSS v3.1
N/A
EPSS
1.79%
Published
Nov 5, 2010
Modified
Apr 28, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
Weaknesses (CWE)
Affected Products (105)
References (18)
...and 55 more
