Summary
This host is running Bugzilla and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to read sensitive configuration fields.
Impact Level: Application
Solution
Upgrade to Bugzilla 3.7.2 or later.
For updates, refer to http://www.bugzilla.org/download/
Insight
The flaw is due to an error in 'install/Filesystem.pm', which uses world-readable permissions within 'bzr/' and 'data/webdot/'.
Affected
Bugzilla versions 3.5.1 to 3.6.1 and 3.7 through 3.7.1.
References
Severity
Classification
- CVE: CVE-2010-2470
- CVSS Base Score: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities
- phpWebSite 'local' Parameter Cross Site Scripting Vulnerability
- net2ftp Multiple Cross-Site Scripting Vulnerabilities
- OTRS Event Notification Information Disclosure Vulnerability
- BasiliX Arbitrary File Disclosure Vulnerability