Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-3166
HistorySep 15, 2009 - 10:30 p.m.

CVE-2009-3166

2009-09-1522:30:00
CWE-255
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Affected configurations

NVD
Node
mozillabugzillaMatch3.4
OR
mozillabugzillaMatch3.4rc1
OR
mozillabugzillaMatch3.4.1

Related

openvas 12
cvelist 1
cve 1
ubuntucve 1
seebug 1
prion 1
freebsd 1
fedora 3
nessus 3
gentoo 1
openvas
openvas
Bugzilla URL Password Information Disclosure Vulnerability
2010-08-02 00:00:00
Bugzilla URL Password Information Disclosure Vulnerability
2010-08-02 00:00:00
FreeBSD Ports: bugzilla
2009-09-21 00:00:00
cvelist
cvelist
CVE-2009-3166
2009-09-15 22:00:00
cve
cve
CVE-2009-3166
2009-09-15 22:30:00
ubuntucve
ubuntucve
CVE-2009-3166
2009-09-15 00:00:00
seebug
seebug
Mozilla Bugzilla URLๅฃไปคไฟกๆฏๆณ„้œฒๆผๆดž
2009-09-16 00:00:00
prion
prion
Default credentials
2009-09-15 22:30:00
freebsd
freebsd
bugzilla -- two SQL injections, sensitive data exposure
2009-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: bugzilla-3.2.5-1.fc11
2009-09-19 00:06:52
[SECURITY] Fedora 10 Update: bugzilla-3.2.5-1.fc10
2009-09-19 00:11:57
[SECURITY] Fedora 11 Update: bugzilla-3.2.6-2.fc11
2010-02-09 05:10:39
nessus
nessus
FreeBSD : bugzilla -- two SQL injections, sensitive data exposure (b9ec7fe3-a38a-11de-9c6b-003048818f40)
2009-09-18 00:00:00
Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities
2009-09-14 00:00:00
GLSA-201006-19 : Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON
Related for NVD:CVE-2009-3166
openvas12cvelist1cve1ubuntucve1seebug1prion1freebsd1fedora3nessus3gentoo1