Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-2381

EPSS 0.48% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-2381

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mozilla Bugzilla CRLF注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla中存在CRLF注入漏洞。Bugzilla通常发送两种类型的电子邮件通知:bugmails和flagmails。bugmails是标准电子邮件用户在bug更改时收到的。flagmails仅发送给旗标要求者或旗标请求者。对于flagmails,附件说明中有新行可导致在编辑旗标时在通知中注入特制标头。仅收到bugmail的用户
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2011-2381

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2011-2381

登录查看更多情报信息。

Same Patch Batch · n/a · 2011-08-09 · 23 CVEs total

CVE-2008-7294Google Chrome Cookie修改漏洞
CVE-2011-2979Mozilla Bugzilla恶意代码执行漏洞
CVE-2011-2978Mozilla Bugzilla邮件更改通知恶意代码执行漏洞
CVE-2011-2977Mozilla Bugzilla越权访问漏洞
CVE-2011-2976Mozilla Bugzilla跨站脚本攻击漏洞
CVE-2011-2380Mozilla Bugzilla恶意代码执行漏洞
CVE-2011-2379Mozilla Bugzilla Raw Unified模式跨站脚本攻击漏洞
CVE-2008-7298Android浏览器Cookie修改漏洞
CVE-2008-7297Opera Cookie修改漏洞
CVE-2008-7296Apple Safari Cookie修改漏洞
CVE-2008-7295Microsoft Internet Explorer Cookie修改漏洞
CVE-2011-2221Novell Data Synchronizer Mobility Pack权限许可和访问控制漏洞
CVE-2008-7293Mozilla Firefox Cookie修改漏洞
CVE-2008-7292Mozilla Bugzilla敏感信息泄露漏洞
CVE-2011-3012ioQuake3引擎远程代码执行漏洞
CVE-2011-3014Novell Data Synchronizer Mobility Pack敏感信息泄露漏洞
CVE-2011-3013Novell Data Synchronizer Mobility Pack WebAdmin加密问题漏洞
CVE-2011-2590UUSee UUPlayer ActiveX控件'Play()'方法输入验证漏洞
CVE-2011-2589UUSee UUPlayer ActiveX控件'SendLogAction()'方法远程代码执行漏洞
CVE-2011-2224Novell Data Synchronizer Mobility Pack跨站脚本攻击漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2011-2381

No comments yet

Leave a comment