Summary
The host is running Bugzilla and is prone to code injection and security bypass vulnerabilities.
Impact
Successful exploitation will allow remote attackers to gain sensitive information and bypass security restriction on the affected site.
Impact Level: Application
Solution
Upgrade to Bugzilla version 4.0.8, 4.2.3, 4.3.3 or higher For updates refer to http://www.bugzilla.org/download/
Insight
The flaws are due to
- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP injection.
- Extensions are not protected against directory browsing and users can access the source code of the templates which may contain sensitive data.
Affected
Bugzilla 2.x and 3.x to 3.6.11, 3.7.x and 4.0.x to 4.0.7, 4.1.x and 4.2.x to 4.2.2, and 4.3.x to 4.3.2
References
Severity
Classification
-
CVE CVE-2012-3981, CVE-2012-4747 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- /cgi-bin directory browsable ?
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities