7.5
CVE-2010-4568
- EPSS 2.53%
- Veröffentlicht 28.01.2011 16:00:02
- Zuletzt bearbeitet 16.06.2026 23:25:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.53% | 0.829 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
http://www.debian.org/security/2011/dsa-2322
http://www.securityfocus.com/bid/45982
http://osvdb.org/70700
https://bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
https://exchange.xforce.ibmcloud.com/vulnerabilities/65001