ID: CVE-2003-0602
Type: cve
Reporter: cve@mitre.org
Modified: 2008-09-05T20:34:00
Description
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
{"osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "cvelist": ["CVE-2003-0602"], "edition": 1, "description": "## Vulnerability Description\nBugzilla contains a flaw that allows a remote cross site scripting attack. This flaw exists because the GraphViz graph generation feature for local dependency graphs does not validate ALT and NAME attributes within AREA tags. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 2.16.3 (stable release) or 2.17.4 (development release) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nBugzilla contains a flaw that allows a remote cross site scripting attack. This flaw exists because the GraphViz graph generation feature for local dependency graphs does not validate ALT and NAME attributes within AREA tags. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.bugzilla.org\n[Vendor Specific Advisory URL](http://www.bugzilla.org/security/2.16.2/)\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=192661)\n[Vendor Specific Advisory URL](http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000653)\n[Secunia Advisory ID:8669](https://secuniaresearch.flexerasoftware.com/advisories/8669/)\n[Related OSVDB ID: 6350](https://vulners.com/osvdb/OSVDB:6350)\nISS X-Force ID: 11866\n[CVE-2003-0602](https://vulners.com/cve/CVE-2003-0602)\nBugtraq ID: 6861\n", "modified": "2003-02-10T22:44:00", "published": "2003-02-10T22:44:00", "href": "https://vulners.com/osvdb/OSVDB:6349", "id": "OSVDB:6349", "type": "osvdb", "title": "Bugzilla Local Dependancy Graph XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "cvelist": ["CVE-2003-0602"], "edition": 1, "description": "## Vulnerability Description\nBugzilla contains a flaw that allows a remote cross site scripting attack. This flaw exists because the default HTML templates does not validate user-supplied input upon submission to Bugzilla form fields. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 2.16.3 (stable release) or 2.17.4 (development release) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nBugzilla contains a flaw that allows a remote cross site scripting attack. 
This flaw exists because the default HTML templates does not validate user-supplied input upon submission to Bugzilla form fields. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.bugzilla.org\n[Vendor Specific Advisory URL](http://www.bugzilla.org/security/2.16.2/)\n[Vendor Specific Advisory URL](http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000653)\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=192677)\n[Secunia Advisory ID:8669](https://secuniaresearch.flexerasoftware.com/advisories/8669/)\n[Related OSVDB ID: 6349](https://vulners.com/osvdb/OSVDB:6349)\nISS X-Force ID: 11865\n[CVE-2003-0602](https://vulners.com/cve/CVE-2003-0602)\nBugtraq ID: 6868\n", "modified": "2003-02-11T01:08:00", "published": "2003-02-11T01:08:00", "href": "https://vulners.com/osvdb/OSVDB:6350", "id": "OSVDB:6350", "type": "osvdb", "title": "Bugzilla Default HTML Template Multiple XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T09:25:19", "description": "The remote Bugzilla bug tracking system, according to its version\nnumber, contains various flaws that may let an attacker perform cross-\nsite scripting attacks or even delete local files (provided he has an\naccount on the remote host).", "edition": 24, "published": "2003-04-26T00:00:00", "title": "Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0603", "CVE-2003-0602"], "modified": "2003-04-26T00:00:00", "cpe": ["cpe:/a:mozilla:bugzilla"], "id": "BUGZILLA_XSS_AND_TMP_FILES.NASL", "href": "https://www.tenable.com/plugins/nessus/11553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# 
Ref:\n# Date: Fri, 25 Apr 2003 04:40:33 -0400\n# To: bugtraq@securityfocus.com, announce@bugzilla.org,\n# From: David Miller <justdave@syndicomm.com>\n# Subject: [BUGZILLA] Security Advisory - XSS, insecure temporary filenames\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11553);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2003-0602\", \"CVE-2003-0603\");\n script_bugtraq_id(6861, 6868, 7412);\n\n script_name(english:\"Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)\");\n script_summary(english:\"Checks Bugzilla version number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is affected by\nseveral issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Bugzilla bug tracking system, according to its version\nnumber, contains various flaws that may let an attacker perform cross-\nsite scripting attacks or even delete local files (provided he has an\naccount on the remote host).\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to 2.16.3 / 2.17.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:W/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/04/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:bugzilla\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencies(\"bugzilla_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"installed_sw/Bugzilla\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = 'Bugzilla';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80);\n\n# Check the installed version.\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\nversion = install['version'];\ndir = install['path'];\ninstall_loc = build_url(port:port, qs:dir+'/query.cgi');\n\nif(ereg(pattern:\"^(1\\..*)|(2\\.(0\\..*|1[0-3]\\..*|14\\..*|15\\..*|16\\.[0-2]|17\\.[0-3]))[^0-9]*$\",\n string:version))\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n Version : ' + version +\n '\\n URL : ' + install_loc;\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_loc, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}