The remote host is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla on the remote host suffers from a flaw when parsing input to the ‘createemailregexp’ parameter of the ‘offer_account_by_email()’ function in the ‘WebService/User.pm’ file. An attacker exploiting this flaw would need to know that the SOAP::Lite Perl module was installed. Successful exploitation would result in the attacker being able to create arbitrary Bugzilla user accounts.
Binary data 4219.prm