CVE-2002-0008

Severity

75%

Complexity

99%

Confidentiality

106%

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 23 years ago

2002-01-31 05:00:00

Last updated 16 years ago

2008-09-10 19:11:00

Affected Software

Mozilla Bugzilla

References

20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older

http://bugzilla.mozilla.org/show_bug.cgi?id=108385

Vendor Advisory

http://bugzilla.mozilla.org/show_bug.cgi?id=108516

Vendor Advisory

RHSA-2002:001

http://www.bugzilla.org/security2_14_1.html

Vendor Advisory

bugzilla-postbug-report-spoofing(7804)

bugzilla-processbug-comment-spoofing(7805)

3793

3794

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2002-0008

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 23 years ago

Last updated 16 years ago

Affected Software

Mozilla Bugzilla

References

20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older

http://bugzilla.mozilla.org/show_bug.cgi?id=108385

http://bugzilla.mozilla.org/show_bug.cgi?id=108516

RHSA-2002:001

http://www.bugzilla.org/security2_14_1.html

bugzilla-postbug-report-spoofing(7804)

bugzilla-processbug-comment-spoofing(7805)

3793

3794

Stay updated

Get in touch