CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
93.6%
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in “diff” mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.1 | cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.2 | cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.3 | cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.4 | cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.5 | cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.20 | cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:* |
secunia.com/advisories/22409
secunia.com/advisories/22790
security.gentoo.org/glsa/glsa-200611-04.xml
securityreason.com/securityalert/1760
securitytracker.com/id?1017064
www.bugzilla.org/security/2.18.5/
www.osvdb.org/29546
www.osvdb.org/29547
www.securityfocus.com/archive/1/448777/100/100/threaded
www.securityfocus.com/bid/20538
www.vupen.com/english/advisories/2006/4035
bugzilla.mozilla.org/show_bug.cgi?id=346086
bugzilla.mozilla.org/show_bug.cgi?id=346564