VID 210139
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description According to its version number, the Bugzilla bug-tracking system installed on the remote host has multiple vulnerabilities. Bugzilla is a Web-based bug-tracking system, based on Perl and MySQL. Bugzilla versions 3.6 through 3.6.11 are affected by multiple vulnerabilities, as follows:

- When trying to mark an attachment in a restricted bug as obsolete, the attachment's description is disclosed in the resulting error message. (CVE-2012-4197)
- Custom field names are disclosed in the JavaScript code generated when the visibility of a custom field is controlled by a restricted product or component of a product. (CVE-2012-4199)

* Note: This check relies solely on the version number of the Bugzilla installation on the remote Web server to assess this vulnerability, so the result may be a false positive.

* References:
http://www.bugzilla.org/security/3.6.11/

* Platforms Affected:
Mozilla, Bugzilla from 3.6 to 3.6.11
Any operating system, any version
Recommendation Upgrade to the latest version of Bugzilla (3.6.12 or later), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/
Related URL CVE-2012-4189, CVE-2012-4197, CVE-2012-4198, CVE-2012-4199, CVE-2012-5883 (CVE)
Related URL 56385, 56504 (SecurityFocus)
Related URL (ISS)