nessus / Tenable / 5744.PRM
Nov 25, 2010 - 12:00 a.m.

Bugzilla < 3.2.10 / 3.4.10 / 3.6.4 Multiple Vulnerabilities

Tenable
www.tenable.com

The remote web server is hosting Bugzilla, a web-based bug tracking application.

Versions of Bugzilla 3.2.x earlier than 3.2.10, 3.4.x earlier than 3.4.10, and 3.6.x earlier than 3.6.4 are potentially affected by multiple vulnerabilities:

  • A weakness could allow a user to gain unauthorized access to another Bugzilla account.

  • A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages.

  • It is possible to insert harmful ‘javascript:’ or ‘data:’ URLs into Bugzilla’s ‘URL’ field, which in some cases Bugzilla will make clickable.

  • Various pages lack protection against cross-site request forgeries.

Vendor    Product    Version
mozilla   bugzilla