Summary
Bugzilla is prone to the following vulnerabilities:
1. A security bypass issue.
2. Multiple information-disclosure vulnerabilities.
3. A denial-of-service vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information or cause the affected application to crash, denying service to legitimate users.
The following versions are vulnerable:
4.x and 3.2.x versions prior to 3.2.8.
4.1.x and 3.4.x versions prior to 3.4.8.
4.2.x and 3.6.x versions prior to 3.6.2.
4.3.x versions prior to 3.7.3.
Solution
Updates are available. Please see the references for more information.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-2756, CVE-2010-2757, CVE-2010-2758, CVE-2010-2759
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P