Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Bugzilla Information Disclosure Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for information disclosure vulnerabilities in Bugzilla

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a CGI script that suffers from
information disclosure vulnerabilities.

Description :

According to its banner, the remote host is running a version of
Bugzilla that reportedly may include passwords in the web server logs
because it embeds a user's password in a report URL if the user is
prompted to log in while viewing a chart. It also allows users to learn
whether an invisible product exists in Bugzilla because the application
uses one error message if it does not and another if it does but access
is denied. And finally, it lets users enter bugs even when bug entry is
closed provided a valid product name is used.

See also :

Solution :

Upgrade to Bugzilla 2.18.1 or later.

Threat Level:

Low / CVSS Base Score : 2

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.