VID |
210133 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
According to its reported version number, the Bugzilla installation on the remote Web server is affected by multiple vulnerabilities. Bugzilla is a Web-based bug-tracking system, based on Perl and MySQL. Bugzilla versions 4.0 through 4.0.7 are affected by the following issues:
- LDAP injection: when a user logs in using LDAP, the username is not escaped when building the uid=$username filter that is used to query the LDAP directory. A crafted username can therefore alter the filter (for example, a wildcard or additional filter components) and potentially lead to LDAP injection.
- Information leak: a permissions flaw can be exploited to view the descriptions of private attachments via public bug comments.
- Directory browsing: extension directories are not protected against directory browsing, so users can access the source code of extension templates, which may contain sensitive data.
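Worked example of the LDAP injection item above. This is added illustration, not code from this record or from Bugzilla: the sample directory, the function names and the toy filter evaluator are assumptions made for the demo. It builds the uid=$username filter the unsafe way and the RFC 4515 escaped way, then evaluates both against a constructed directory to show that an unescaped "*" matches every account while the escaped form matches nothing.

```python
import re

# Constructed sample directory for the demo (uid -> common name); not real data.
SAMPLE_DIRECTORY = {
    "alice": "Alice Example",
    "bob": "Bob Example",
    "admin": "Directory Administrator",
}

# RFC 4515 section 3: these characters must be escaped as \XX inside an
# assertion value.  NUL is included because it is a common injection payload.
_RFC4515_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def build_filter_unsafe(username: str) -> str:
    """The vulnerable pattern the advisory describes: the raw username is
    interpolated straight into the uid=... filter."""
    return "(uid=%s)" % username


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 (the Perl equivalent is
    Net::LDAP::Util::escape_filter_value)."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_filter_safe(username: str) -> str:
    """Hardened form: the username can no longer change the filter grammar."""
    return "(uid=%s)" % escape_filter_value(username)


def _unescape(value: str) -> str:
    """Reverse RFC 4515 \\XX escapes (used only by the toy evaluator)."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def match_uids(ldap_filter: str, directory=SAMPLE_DIRECTORY) -> list:
    """Toy stand-in for the LDAP server: evaluates a single '(uid=<value>)'
    filter with '*' wildcards.  It understands only that shape, so a filter
    whose structure was altered by injection (e.g. '(uid=a*)(uid=admin)')
    is rejected as malformed."""
    m = re.fullmatch(r"\(uid=([^()]*)\)", ldap_filter)
    if m is None:
        raise ValueError("malformed or unsupported filter: %r" % ldap_filter)
    # In escaped form a literal '*' is always '\2a', so every bare '*' here
    # is a wildcard; each literal segment is unescaped and then regex-quoted.
    pattern = ".*".join(re.escape(_unescape(part))
                        for part in m.group(1).split("*"))
    return sorted(uid for uid in directory if re.fullmatch(pattern, uid))


if __name__ == "__main__":
    for username in ("alice", "*", "a*)(uid=admin"):
        unsafe, safe = build_filter_unsafe(username), build_filter_safe(username)
        try:
            unsafe_hits = match_uids(unsafe)
        except ValueError as exc:
            unsafe_hits = "rejected (%s)" % exc
        print("username %-16r unsafe %-28r -> %s" % (username, unsafe, unsafe_hits))
        print("%-25s safe   %-28r -> %s" % ("", safe, match_uids(safe)))
```

The wildcard case is the one that matters for an authentication lookup: with the unsafe filter a login name of "*" resolves to every entry in the directory, whereas the escaped filter (uid=\2a) only ever matches an account literally named "*". Note that escaping only protects the assertion value; the DN or attribute name must be handled separately if they are also user-controlled.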
* Note: This check relies solely on the version number reported by the Bugzilla installation on the remote Web server, so it may be a false positive if the installation has been patched without a change to its version number.
* References: http://www.bugzilla.org/security/3.6.10/
* Platforms Affected: Mozilla Bugzilla 4.0 through 4.0.7; any operating system, any version |
Recommendation |
Upgrade to the latest version of Bugzilla (4.0.8 or later), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/ |
Related URL |
CVE-2012-3981, CVE-2012-4747 (CVE) |
Related URL |
55349 (SecurityFocus) |
Related URL |
(ISS) |
|