CVE-2006-5454
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.061 Low
EPSS
Percentile
93.4%
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in “diff” mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
References
secunia.com/advisories/22409
secunia.com/advisories/22790
security.gentoo.org/glsa/glsa-200611-04.xml
securityreason.com/securityalert/1760
securitytracker.com/id?1017064
www.bugzilla.org/security/2.18.5/
www.osvdb.org/29546
www.osvdb.org/29547
www.securityfocus.com/archive/1/448777/100/100/threaded
www.securityfocus.com/bid/20538
www.vupen.com/english/advisories/2006/4035
bugzilla.mozilla.org/show_bug.cgi?id=346086
bugzilla.mozilla.org/show_bug.cgi?id=346564
Related
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.061 Low
EPSS
Percentile
93.4%