CVE-2009-3989

2010-02-03T19:30:00
ID CVE-2009-3989
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T19:47:00

Description

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.