Lucene search

K

MitreCVELIST:CVE-2007-0792

HistoryFeb 06, 2007 - 7:00 p.m.

CVE-2007-0792

2007-02-0619:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

High

0.102 Low

EPSS

Percentile

95.0%

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

References

osvdb.org/35862

securityreason.com/securityalert/2222

securitytracker.com/id?1017585

www.bugzilla.org/security/2.20.3/

www.securityfocus.com/archive/1/459025/100/0/threaded

www.securityfocus.com/bid/22380

www.vupen.com/english/advisories/2007/0477

exchange.xforce.ibmcloud.com/vulnerabilities/32252

6.6 Medium

AI Score

Confidence

High

0.102 Low

EPSS

Percentile

95.0%

Related for CVELIST:CVE-2007-0792

ubuntucve1 nvd1 cve1 prion1 securityvulns1