Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Bugzilla Multiple Flaws (2) Vulnerability Scan


Vulnerability Scan Summary
Searches for the existence of bugzilla

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a CGI application that suffers from
multiple flaws.

Description :

The remote Bugzilla bug tracking system, according to its version
number, is vulnerable to various flaws :

- An administratrator may be able to execute arbitrary SQL commands on
the remote host.

- There are instances of information leaks which may let a possible hacker
know the database password (under certain circumstances, 2.17.x only)
or obtain the names of otherwise hidden products.

- A user with grant membership rights may escalate his rights
and belong to another group.

- There is a cross site scripting issue in the administrative web
interface.

- Users passwords may be embedded in URLs (2.17.x only).

- Several information leaks that may allow users to acertain the
names of other users and non-users to obtain a list of products,
including those that administrators might want to keep confidential.

See also :

http://www.bugzilla.org/security/

Solution :

Upgrade to 2.16.6 or 2.20 or later.

Threat Level:

Low / CVSS Base Score : 3
(AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.