VID |
210145 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The Bugzilla bug-tracking system, according to its version number, has a cross-site request forgery vulnerability. Bugzilla is a Web-based bug-tracking system written in Perl with a MySQL back end. Bugzilla versions 2.0 through 4.4.2 and 4.5 through 4.5.2 are affected.
The login form carries no anti-CSRF token, so a remote attacker can forge a login request that logs the victim in under the attacker's own credentials (a login CSRF). Any bug the victim then files, including a security-sensitive one, is created from the attacker's account and is therefore visible to the attacker.
* Note: This check relies solely on the version number reported by the Bugzilla installation on the remote Web server, so the result may be a false positive. In particular, the 4.0 and 4.2 branches received the same fix (in 4.0.12 and 4.2.8), yet every 4.0.x or 4.2.x install is below 4.4.3 and will be reported; confirm the installed release against the referenced advisory before acting.
* References: http://www.bugzilla.org/security/4.0.11/ https://bugzilla.mozilla.org/show_bug.cgi?id=713926
* Platforms Affected: Mozilla Bugzilla 2.0 and later but prior to 4.4.3; Mozilla Bugzilla 4.5 prior to 4.5.3; any operating system, any version |
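As an added illustration of why a version-only test can misreport (this is not the scanner's own check and not Bugzilla code), the Python below parses a version banner, applies the same "below 4.4.3, or 4.5.0 to 4.5.2" rule this record describes, and then applies a branch-aware rule that honours the first fixed release in each branch. The footer and JSON-RPC strings are constructed samples; 4.4.3 and 4.5.3 come from this record, and 4.0.12 and 4.2.8 are the fixed releases of the older branches from the same April 2014 security release.

```python
"""Branch-aware version triage for CVE-2014-1517 (Bugzilla login-form CSRF).

Added illustration only: not the scanner's check and not Bugzilla's code.
Fixed releases come from the cited Bugzilla advisory; the banner and
JSON-RPC strings used as input are constructed, not captured from a server.
"""
import re

# First release in each branch that carries the login-form CSRF fix.
# 4.4.3 and 4.5.3 are named in this record; 4.0.12 and 4.2.8 shipped in
# the same security release for the older maintained branches.
FIXED_IN = {
    (4, 0): (4, 0, 12),
    (4, 2): (4, 2, 8),
    (4, 4): (4, 4, 3),
    (4, 5): (4, 5, 3),
}

_VERSION_RE = re.compile(r'\b(\d+)\.(\d+)(?:\.(\d+))?(rc\d+)?\b')


def parse_version(text):
    """Return (major, minor, patch) from text such as 'Version 4.4.2' or
    '{"version":"4.5.3"}'. A release candidate such as '4.4rc1' sorts below
    its final release, so it is given patch level -1. A real scanner should
    anchor this on the footer element rather than on the first dotted number."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Bugzilla version found in: %r" % text)
    major, minor = int(m.group(1)), int(m.group(2))
    patch = -1 if m.group(4) else int(m.group(3) or 0)
    return (major, minor, patch)


def naive_is_vulnerable(v):
    """The rule this record describes: flag anything below 4.4.3, plus
    4.5.0 to 4.5.2. It cannot distinguish a patched 4.0.12 or 4.2.8 from an
    unpatched 4.0.11 or 4.2.7, hence the false-positive caveat."""
    return v < (4, 4, 3) or (4, 5, 0) <= v < (4, 5, 3)


def branch_aware_is_vulnerable(v):
    """Same affected range, but honour the per-branch fixed release so that
    older branches which took the fix are not reported."""
    fixed = FIXED_IN.get(v[:2])
    if fixed is not None:
        return v < fixed
    # Branches with no fixed release (e.g. 3.6.x, 4.1.x, 4.3.x) fall back to
    # the plain range test; newer branches (5.x) are outside the range.
    return naive_is_vulnerable(v)


def triage(banner):
    """Return (version_tuple, naive_verdict, branch_aware_verdict) for one banner."""
    v = parse_version(banner)
    return v, naive_is_vulnerable(v), branch_aware_is_vulnerable(v)


if __name__ == "__main__":
    # Constructed samples standing in for a page footer and a JSON-RPC
    # Bugzilla.version reply (assumed formats, not captured output).
    samples = [
        "This is Bugzilla: the Bugzilla bug-tracking system. Version 4.4.2",
        '{"error":null,"id":1,"result":{"version":"4.0.12"}}',
        "Version 4.2.8",
        "Version 4.4rc1",
        "Version 4.5.3",
        "Version 5.0",
    ]
    for s in samples:
        v, naive, aware = triage(s)
        print("%-12s naive=%-5s branch-aware=%s" % (v, naive, aware))
```

Running it shows the two verdicts diverging only for 4.0.12 and 4.2.8: the naive rule reports both, the branch-aware rule does not, which is exactly the false-positive class the note above warns about.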
Recommendation |
Upgrade to a fixed release of Bugzilla (4.4.3 or 4.5.3 or later; the 4.0 and 4.2 branches were fixed in 4.0.12 and 4.2.8 respectively), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/ |
Related URL |
CVE-2014-1517 (CVE) |
Related URL |
66984 (SecurityFocus) |
Related URL |
(ISS) |
|