Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities

Vulnerability Assessment Summary
Checks for multiple vulnerabilities in Bugzilla <= 2.18.1 / 2.19.3

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a CGI script that suffers from
information disclosure vulnerabilities.

Description :

According to its banner, the version of Bugzilla installed on the
remote host reportedly permits any user to change any flag on a bug,
even if they don't otherwise have access to the bug or rights to make
changes to it. In addition, a private bug summary may be visible to
users if MySQL replication is used on the backend database.

See also :

http://www.bugzilla.org/security/2.18.1/

Solution :

Upgrade to Bugzilla 2.18.2 / 2.20rc1 or later.

Network Security Threat Level:

Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)

Networks Security ID: 14198, 14200

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security
