Lucene search
RootSSV:4982HistoryApr 02, 2009 - 12:00 a.m.
Bugzilla attachment.cgi跨站请求伪造漏洞
2009-04-0200:00:00
Root
www.seebug.org
14
0.003 Low
EPSS
Percentile
71.6%
BUGTRAQ ID: 34308
CVE(CAN) ID: CVE-2009-1213
Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。
Bugzilla允许用户通过HTTP请求执行某些操作,但没有对请求执行有效性检查。如果已登录用户受骗访问了恶意网页的话,就可能通过attachment.cgi提交附件。
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.2.2
Mozilla
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.mozilla.org/” target=“_blank”>http://www.mozilla.org/</a>
Related
openvas
openvas
Fedora Core 9 FEDORA-2009-3405 (bugzilla)
2009-04-15 00:00:00
Fedora Core 10 FEDORA-2009-3410 (bugzilla)
2009-04-15 00:00:00
Fedora Core 10 FEDORA-2009-7669 (bugzilla)
2009-07-29 00:00:00
cve
cve
CVE-2009-1213
2009-04-01 10:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: bugzilla-3.2.4-1.fc10
2009-07-28 18:24:48
[SECURITY] Fedora 10 Update: bugzilla-3.2.3-1.fc10
2009-04-07 15:49:33
[SECURITY] Fedora 9 Update: bugzilla-3.2.3-1.fc9
2009-04-07 15:48:59
nessus
nessus
Fedora 9 : bugzilla-3.2.3-1.fc9 (2009-3405)
2009-04-08 00:00:00
Fedora 10 : bugzilla-3.2.3-1.fc10 (2009-3410)
2009-04-23 00:00:00
GLSA-201006-19 : Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00
cvelist
cvelist
CVE-2009-1213
2009-04-01 10:00:00
ubuntucve
ubuntucve
CVE-2009-1213
2009-04-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2009-04-01 10:30:00
nvd
nvd
CVE-2009-1213
2009-04-01 10:30:00
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00