CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
71.1%
The remote host is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla on the remote host is potentially affected by multiple flaws :
A SQL injection vulnerability in the ‘Bug.search’ WebService function. (CVE-2009-3125)
A SQL injection vulnerability in the 'Bug.create WebService function. (CVE-2009-3165)
When a user reset their password and then logged in immediately afterward, their password would appear in the URL of their browser. (CVE-2009-3166)
Binary data 5169.prm