| VID |
210135 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Bugzilla bug-tracking system, according to its version number, has multiple vulnerabilities. Bugzilla is a Web-based bug-tracking system, based on Perl and MySQL. Bugzilla versions 4.3 through 4.3.2 are vulnerable to multiple vulnerabilities as follows:
- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP injectionrmissions can be exploited to view descriptions of private attachments via public bug comments.
- Extensions are not protected against directory browsing and users can access the source code of the templates which may contain sensitive data.
* Note: This check solely relied on the version number of Bugzilla installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.bugzilla.org/security/3.6.10/
* Platforms Affected:
Mozilla, Bugzilla from 4.3 to 4.3.2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Bugzilla (4.3.3 or later), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/ |
| Related URL |
CVE-2012-3981,CVE-2012-4747 (CVE) |
| Related URL |
55349 (SecurityFocus) |
| Related URL |
(ISS) |
|
