Korean
<< Back
VID 210132
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The Bugzilla bug-tracking system, according to its version number, has multiple vulnerabilities. Bugzilla is a Web-based bug-tracking system, based on Perl and MySQL. Bugzilla versions 3.6 through 3.6.10 are vulnerable to multiple vulnerabilities as follows:

- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP injectionrmissions can be exploited to view descriptions of private attachments via public bug comments.
- Extensions are not protected against directory browsing and users can access the source code of the templates which may contain sensitive data.

* Note: This check solely relied on the version number of Bugzilla installed on the remote Web server to assess this vulnerability, so this might be a false positive.

* References:
http://www.bugzilla.org/security/3.6.10/

* Platforms Affected:
Mozilla, Bugzilla from 3.6 to 3.6.10
Any operating system Any version
Recommendation Upgrade to the latest version of Bugzilla (3.6.11 or later), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/
Related URL CVE-2012-3981,CVE-2012-4747 (CVE)
Related URL 55349 (SecurityFocus)
Related URL (ISS)