Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDE135F0C9-375F-11E3-80B7-20CF30E32F6D
HistoryOct 16, 2013 - 12:00 a.m.

bugzilla -- multiple vulnerabilities

2013-10-1600:00:00
vuxml.freebsd.org
10

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON

A Bugzilla Security Advisory reports:

Cross-Site Request Forgery
When a user submits changes to a bug right after another
user did, a midair collision page is displayed to inform
the user about changes recently made. This page contains
a token which can be used to validate the changes if the
user decides to submit his changes anyway. A regression
in Bugzilla 4.4 caused this token to be recreated if a
crafted URL was given, even when no midair collision page
was going to be displayed, allowing an attacker to bypass
the token check and abuse a user to commit changes on his
behalf.
Cross-Site Request Forgery
When an attachment is edited, a token is generated to
validate changes made by the user. Using a crafted URL,
an attacker could force the token to be recreated,
allowing him to bypass the token check and abuse a user
to commit changes on his behalf.
Cross-Site Scripting
Some parameters passed to editflagtypes.cgi were not
correctly filtered in the HTML page, which could lead
to XSS.
Cross-Site Scripting
Due to an incomplete fix for CVE-2012-4189, some
incorrectly filtered field values in tabular reports
could lead to XSS.

Related

nessus 9
securityvulns 6
fedora 3
openvas 6
mageia 1
prion 5
cve 5
ubuntucve 5
exploitpack 1
exploitdb 1
freebsd 1
nessus
nessus
Mandriva Linux Security Advisory : bugzilla (MDVSA-2013:285)
2013-11-27 00:00:00
FreeBSD : bugzilla -- multiple vulnerabilities (e135f0c9-375f-11e3-80b7-20cf30e32f6d)
2013-10-18 00:00:00
Bugzilla < 4.0.11 / 4.2.7 / 4.4.1 Multiple Vulnerabilities
2013-10-31 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:285 ] bugzilla
2013-12-09 00:00:00
Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
2013-10-27 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-10-28 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: bugzilla-4.2.7-1.fc19
2013-10-29 03:47:45
[SECURITY] Fedora 20 Update: bugzilla-4.2.7-1.fc20
2013-11-10 07:27:24
[SECURITY] Fedora 18 Update: bugzilla-4.2.7-1.fc18
2013-10-29 03:46:48
openvas
openvas
Fedora Update for bugzilla FEDORA-2013-19480
2013-10-29 00:00:00
Fedora Update for bugzilla FEDORA-2013-19480
2013-10-29 00:00:00
Fedora Update for bugzilla FEDORA-2013-19458
2013-10-29 00:00:00
mageia
mageia
Updated bugzilla package fixes multiple vulnerabilities
2014-05-02 21:50:55
prion
prion
Cross site scripting
2013-10-24 10:53:00
Cross site scripting
2013-10-24 10:53:00
Cross site request forgery (csrf)
2013-10-24 10:53:00
cve
cve
CVE-2013-1743
2013-10-24 10:53:00
CVE-2013-1742
2013-10-24 10:53:00
CVE-2013-1734
2013-10-24 10:53:00
ubuntucve
ubuntucve
CVE-2013-1743
2013-10-24 00:00:00
CVE-2013-1742
2013-10-24 00:00:00
CVE-2013-1733
2013-10-24 00:00:00
exploitpack
exploitpack
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
2013-10-09 00:00:00
exploitdb
exploitdb
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
2013-10-09 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2012-11-13 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON
Related for E135F0C9-375F-11E3-80B7-20CF30E32F6D
nessus9securityvulns6fedora3openvas6mageia1prion5cve5ubuntucve5exploitpack1exploitdb1freebsd1