|
|
Family: CGI abuses --> Category: infos
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Bugzilla <= 2.18.1 / 2.19.3
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that suffers from
information disclosure vulnerabilities.
Description :
According to its banner, the version of Bugzilla installed on the
remote host reportedly allows any user to change any flag on a bug,
even if they don't otherwise have access to the bug or rights to make
changes to it. In addition, a private bug summary may be visible to
users if MySQL replication is used on the backend database.
See also :
http://www.bugzilla.org/security/2.18.1/
Solution :
Upgrade to Bugzilla 2.18.2 / 2.20rc1 or later.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
