| VID |
210142 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Bugzilla bug-tracking system, according to its version number, has multiple vulnerabilities. Bugzilla is a Web-based bug-tracking system, based on Perl and MySQL. Bugzilla versions 4.3.1 through 4.3.3 are vulnerable to multiple vulnerabilities as follows:
- Due to incorrectly filtered field values in tabular reports, code can be injected, which could allow cross-site scripting (XSS). (CVE-2012-4189)
- When trying to mark an attachment in a restricted bug as obsolete, the description is disclosed in the resulting error message. (CVE-2012-4197)
- When calling the User.get method with a 'groups' argument, the existence of the groups is leaked, which could allow an attacker to identify groups via an error message. (CVE-2012-4198)
- Custom field names are disclosed in the JavaScript code generated when the visibility of a custom field is controlled by a restricted product or component of a product. (CVE-2012-4199)
- A vulnerability exists in swfstore.swf from YUI2 that could allow JavaScript injection exploits to be created against domains hosting the affected YUI .swf file. (CVE-2012-5883)
* Note: This check solely relied on the version number of Bugzilla installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.bugzilla.org/security/3.6.11/
* Platforms Affected:
Mozilla, Bugzilla from 4.3.1 to 4.3.3
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Bugzilla (4.4rc1 or later), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/ |
| Related URL |
CVE-2012-4189,CVE-2012-4197,CVE-2012-4198,CVE-2012-4199,CVE-2012-5883 (CVE) |
| Related URL |
56385,56504 (SecurityFocus) |
| Related URL |
(ISS) |
|
