Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable5627.PRM
HistoryAug 13, 2010 - 12:00 a.m.

Bugzilla < 3.2.8 / 3.4.8 / 3.6.2 / 3.7.3 Multiple Vulnerabilities

2010-08-1300:00:00
Tenable
www.tenable.com
9

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

89.0%

JSON

The remote web server is hosting Bugzilla, a web-based bug tracking application.

Versions of Bugzilla 3.2.x earlier than 3.2.8, 3.4.x earlier than 3.4.8, 3.6.x earlier than 3.6.2, and 3.7.x earlier than 3.7.3 are potentially affected by multiple vulnerabilities :

  • It is possible to (at least partially) determine the membership of any group using the Search interface. (CVE-2010-2756).

  • It is possible to use the ‘sudo’ feature without sending a notification to the user being impersonated. (CVE-2010-2757)

  • The ‘Reports’ and ‘Duplicates’ pages let you guess the name of products you can’t see, due to the error message that is thrown. (CVE-2010-2758)

  • For installations using PostgreSQL, specifying “bug X” or “Attachment X” in a comment can deny access to the bug if X is larger than the maximum 32-bit signed integer size. (CVE-2010-2759)

Binary data 5627.prm
VendorProductVersionCPE
mozillabugzillacpe:/a:mozilla:bugzilla

Related

nessus 5
openvas 14
freebsd 1
fedora 3
cvelist 5
cve 5
nvd 5
ubuntucve 5
prion 5
nessus
nessus
FreeBSD : bugzilla -- information disclosure, denial of service (8cbf4d65-af9a-11df-89b8-00151735203a)
2010-08-25 00:00:00
Fedora 14 : bugzilla-3.6.2-1.fc14 (2010-13171)
2010-08-27 00:00:00
Fedora 13 : bugzilla-3.4.8-2.fc13 (2010-13086)
2010-08-29 00:00:00
openvas
openvas
FreeBSD Ports: bugzilla
2010-10-10 00:00:00
Fedora Update for bugzilla FEDORA-2010-13171
2010-12-02 00:00:00
Fedora Update for bugzilla FEDORA-2010-13171
2010-12-02 00:00:00
freebsd
freebsd
bugzilla -- information disclosure, denial of service
2010-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: bugzilla-3.6.2-1.fc14
2010-08-27 03:07:40
[SECURITY] Fedora 13 Update: bugzilla-3.4.8-2.fc13
2010-08-27 06:55:20
[SECURITY] Fedora 12 Update: bugzilla-3.4.8-1.fc12
2010-08-27 06:52:18
cvelist
cvelist
CVE-2010-2759
2010-08-13 19:00:00
CVE-2010-2758
2010-08-13 19:00:00
CVE-2010-2757
2010-08-13 19:00:00
cve
cve
CVE-2010-2759
2010-08-16 15:14:12
CVE-2010-2758
2010-08-16 15:14:12
CVE-2010-2757
2010-08-16 15:14:12
nvd
nvd
CVE-2010-2759
2010-08-16 15:14:12
CVE-2010-2758
2010-08-16 15:14:12
CVE-2010-2757
2010-08-16 15:14:12
ubuntucve
ubuntucve
CVE-2010-2759
2010-08-16 00:00:00
CVE-2010-2757
2010-08-16 00:00:00
CVE-2010-2758
2010-08-16 00:00:00
prion
prion
Code injection
2010-08-16 15:14:00
Code injection
2010-08-16 15:14:00
Design/Logic Flaw
2010-08-16 15:14:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

89.0%

JSON
Related for 5627.PRM
nessus5openvas14freebsd1fedora3cvelist5cve5nvd5ubuntucve5prion5