Family: CGI abuses --> Category: infos
Bugzilla Information Disclosure Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for information disclosure vulnerabilities in Bugzilla
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that suffers from
information disclosure vulnerabilities.
Description :
According to its banner, the remote host is running a version of
Bugzilla that reportedly suffers from several information disclosure
flaws. First, if a user is prompted to log in while viewing a chart, the
application embeds the user's password in the resulting report URL, so
the password can end up in the web server's logs (and anywhere else the
full URL is recorded). Second, a user can learn whether an "invisible"
product exists, because the application returns one error message when
the product does not exist and a different one when it exists but access
is denied. Finally, users can still enter bugs while bug entry is closed,
provided they supply a valid product name.
See also :
http://www.bugzilla.org/security/2.16.8/
Solution :
Upgrade to Bugzilla 2.18.1 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)