Lucene search

[email protected]CVE-2001-0330

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-0330

2001-09-1804:00:00

[email protected]

web.nvd.nist.gov

cve-2001-0330

bugzilla

remote access

http

information breach

sensitive info

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.

Affected configurations

NVD

Node

mozillabugzillaMatch2.4

mozillabugzillaMatch2.6

mozillabugzillaMatch2.8

mozillabugzillaMatch2.10

CPENameOperatorVersion
mozilla:bugzillamozilla bugzillaeq2.4
mozilla:bugzillamozilla bugzillaeq2.6
mozilla:bugzillamozilla bugzillaeq2.8
mozilla:bugzillamozilla bugzillaeq2.10

CPE	Name	Operator	Version
mozilla:bugzilla	mozilla bugzilla	eq	2.4
mozilla:bugzilla	mozilla bugzilla	eq	2.6
mozilla:bugzilla	mozilla bugzilla	eq	2.8
mozilla:bugzilla	mozilla bugzilla	eq	2.10

References

www.atstake.com/research/advisories/2001/a043001-1.txt

www.securityfocus.com/bid/2671

exchange.xforce.ibmcloud.com/vulnerabilities/6489

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2001-0330

nvd1 cvelist1 securityvulns1