Summary
This host is running Bugzilla and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to read sensitive information via the HTTP 'Referrer' header.
Impact Level: Application
Solution
Upgrade to Bugzilla version 3.4.2 or later.
For updates refer to http://www.bugzilla.org/download/
Insight
The flaw is caused because the application places a password in a 'URL' at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords.
Affected
Bugzilla version 3.4rc1 to 3.4.1.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3166 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities