Summary
Bugzilla is prone to the following vulnerabilities:
1. A security bypass issue.
2. Multiple information-disclosure vulnerabilities.
3. A denial-of-service vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information or cause the affected application to crash, denying service to legitimate users.
The following versions are vulnerable:
4.x and 3.2.x versions prior to 3.2.8.
4.1.x and 3.4.x versions prior to 3.4.8.
4.2.x and 3.6.x versions prior to 3.6.2.
4.3.x versions prior to 3.7.3.
Solution
Updates are available. Please see the references for more information.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-2756, CVE-2010-2757, CVE-2010-2758, CVE-2010-2759
CVSS Base Score: 6.5
CVSS Base Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P