Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310100699
HistoryJul 06, 2010 - 12:00 a.m.

Bugzilla 'time-tracking' Information Disclosure Vulnerability

2010-07-0600:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
11

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.8%

JSON

Bugzilla is prone to an information-disclosure vulnerability.

Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.

This issue affects the following:

Bugzilla 2.17.1 through 3.2.6, Bugzilla 3.3.1 through 3.4.6, Bugzilla 3.5.1 through 3.6, Bugzilla 3.7

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mozilla:bugzilla";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100699");
  script_version("2023-07-28T16:09:07+0000");
  script_tag(name:"last_modification", value:"2023-07-28 16:09:07 +0000 (Fri, 28 Jul 2023)");
  script_tag(name:"creation_date", value:"2010-07-06 13:44:35 +0200 (Tue, 06 Jul 2010)");
  script_cve_id("CVE-2010-1204");

  script_name("Bugzilla 'time-tracking' Information Disclosure Vulnerability");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41141");
  script_xref(name:"URL", value:"http://www.bugzilla.org/security/3.2.6/");

  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_dependencies("bugzilla_detect.nasl");
  script_mandatory_keys("bugzilla/installed");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");

  script_tag(name:"summary", value:"Bugzilla is prone to an information-disclosure vulnerability.

Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.

This issue affects the following:

Bugzilla 2.17.1 through 3.2.6, Bugzilla 3.3.1 through 3.4.6, Bugzilla 3.5.1 through 3.6, Bugzilla 3.7");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!vers = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version_in_range(version: vers, test_version: "2.17.1", test_version2:"3.2.6") ||
    version_in_range(version: vers, test_version: "3.3.1", test_version2:"3.4.6")  ||
    version_in_range(version: vers, test_version: "3.5.1", test_version2:"3.6")    ||
    version_is_equal(version: vers, test_version:"3.7")) {
  security_message(port:port);
  exit(0);
}

exit(0);

Related

openvas 17
fedora 7
nessus 7
cvelist 1
prion 1
seebug 1
nvd 1
ubuntucve 1
cve 1
freebsd 1
openvas
openvas
Bugzilla 'time-tracking' Information Disclosure Vulnerability
2010-07-06 00:00:00
Fedora Update for bugzilla FEDORA-2010-10669
2010-07-12 00:00:00
Fedora Update for bugzilla FEDORA-2011-0755
2011-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: bugzilla-3.4.7-2.fc13
2010-07-07 17:38:54
[SECURITY] Fedora 13 Update: bugzilla-3.4.10-1.fc13
2011-02-02 19:36:07
[SECURITY] Fedora 13 Update: bugzilla-3.4.9-1.fc13
2010-11-14 21:28:33
nessus
nessus
Fedora 13 : bugzilla-3.4.7-2.fc13 (2010-10669)
2010-07-08 00:00:00
Fedora 12 : bugzilla-3.4.7-1.fc12 (2010-10398)
2010-07-06 00:00:00
FreeBSD : bugzilla -- information disclosure (f1331504-8849-11df-89b8-00151735203a)
2010-07-06 00:00:00
cvelist
cvelist
CVE-2010-1204
2022-10-03 16:21:01
prion
prion
Design/Logic Flaw
2010-06-28 17:30:00
seebug
seebug
Mozilla Bugzillaζ—Άι—΄θΏ½θΈͺεŠŸθƒ½δΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2010-06-28 00:00:00
nvd
nvd
CVE-2010-1204
2010-06-28 17:30:01
ubuntucve
ubuntucve
CVE-2010-1204
2010-06-28 00:00:00
cve
cve
CVE-2010-1204
2022-10-03 16:21:01
freebsd
freebsd
bugzilla -- information disclosure
2010-06-24 00:00:00

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.8%

JSON
Related for OPENVAS:1361412562310100699
openvas17fedora7nessus7cvelist1prion1seebug1nvd1ubuntucve1cve1freebsd1