Summary
The host is running Bugzilla and is prone to code injection and security bypass vulnerabilities.
Impact
Successful exploitation will allow remote attackers to gain sensitive information and bypass security restrictions on the affected site.
Impact Level: Application
Solution
Upgrade to Bugzilla version 4.0.8, 4.2.3, 4.3.3 or later. For updates refer to http://www.bugzilla.org/download/
Insight
The flaws are due to:
- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. A username containing LDAP filter metacharacters can therefore change the structure of the filter, which could potentially lead to LDAP injection.
- Extensions are not protected against directory browsing, so users can access the source code of the templates, which may contain sensitive data.
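To show the fix for the LDAP flaw, an added example (not Bugzilla's own code, which is Perl): the unescaped uid=$username construction beside one that escapes the value as RFC 4515 specifies, plus a check that reports any filter metacharacters left unescaped.

```python
# Added example, not Bugzilla's own code: escape a username before it is
# interpolated into the "uid=$username" LDAP search filter. The unescaped
# construction is the LDAP injection flaw described above. Escaping follows
# RFC 4515: each special character becomes a backslash plus two hex digits.

LDAP_FILTER_ESCAPES = {  # characters with structural meaning in a filter value
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in LDAP_FILTER_ESCAPES:
            out.append(LDAP_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII is emitted as escaped UTF-8 bytes, as the RFC permits.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)

def uid_filter_unescaped(username: str) -> str:
    """The vulnerable construction: the username is interpolated as-is."""
    return f"(uid={username})"

def uid_filter(username: str) -> str:
    """The hardened construction: the username is escaped first."""
    return f"(uid={escape_filter_value(username)})"

def unescaped_specials(value: str) -> list:
    """Return the filter metacharacters in a value that are not escaped (empty list = safe)."""
    found = []
    i = 0
    while i < len(value):
        ch = value[i]
        nxt = value[i + 1:i + 3]
        if ch == "\\" and len(nxt) == 2 and all(c in "0123456789abcdefABCDEF" for c in nxt):
            i += 3  # a valid \XX escape sequence
            continue
        if ch in LDAP_FILTER_ESCAPES:
            found.append(ch)
        i += 1
    return found
```

Running unescaped_specials over the value part of every filter a login path builds is the unit-test check that catches a regression of this class.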
Affected
Bugzilla 2.x and 3.x to 3.6.11, 3.7.x and 4.0.x to 4.0.7, 4.1.x and 4.2.x to 4.2.2, and 4.3.x to 4.3.2
References
Severity
Classification
CVE: CVE-2012-3981, CVE-2012-4747
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N