Lucene search

[email protected]CVE-2007-0792

HistoryFeb 06, 2007 - 7:28 p.m.

CVE-2007-0792

2007-02-0619:28:00

[email protected]

web.nvd.nist.gov

bugzilla

mod_perl

cve-2007-0792

database security

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.102 Low

EPSS

Percentile

95.0%

JSON

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

Affected configurations

NVD

Node

mozillabugzillaMatch2.23.3

CPENameOperatorVersion
mozilla:bugzillamozilla bugzillaeq2.23.3

CPE	Name	Operator	Version
mozilla:bugzilla	mozilla bugzilla	eq	2.23.3

References

osvdb.org/35862

securityreason.com/securityalert/2222

securitytracker.com/id?1017585

www.bugzilla.org/security/2.20.3/

www.securityfocus.com/archive/1/459025/100/0/threaded

www.securityfocus.com/bid/22380

www.vupen.com/english/advisories/2007/0477

exchange.xforce.ibmcloud.com/vulnerabilities/32252

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.102 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2007-0792

ubuntucve1 prion1 cvelist1 nvd1 securityvulns1