Lucene search

K

[email protected]NVD:CVE-2007-4539

HistoryAug 27, 2007 - 9:17 p.m.

CVE-2007-4539

2007-08-2721:17:00

CWE-264

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.

Affected configurations

NVD

Node

mozillabugzillaMatch2.4

OR

mozillabugzillaMatch2.6

OR

mozillabugzillaMatch2.8

OR

mozillabugzillaMatch2.9

OR

mozillabugzillaMatch2.23.3

OR

mozillabugzillaMatch2.23.4

OR

mozillabugzillaMatch3.0.0

References

osvdb.org/37202

secunia.com/advisories/26584

secunia.com/advisories/26971

security.gentoo.org/glsa/glsa-200709-18.xml

www.bugzilla.org/security/2.20.4/

www.securityfocus.com/archive/1/477630/100/0/threaded

www.securityfocus.com/bid/25425

www.securitytracker.com/id?1018604

www.vupen.com/english/advisories/2007/2977

bugzilla.mozilla.org/show_bug.cgi?id=382056

exchange.xforce.ibmcloud.com/vulnerabilities/36244

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

Related for NVD:CVE-2007-4539

prion1 cvelist1 ubuntucve1 cve1 openvas4 nessus2 gentoo1 freebsd1