This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summary | |
|---|---|
| CPE Name | cpe:/a:mozilla:bugzilla |

| Detail | | | |
|---|---|---|---|
| Vendor | Mozilla | First view | 2000-05-11 |
| Product | Bugzilla | Last view | 2013-02-24 |
| Version | | Type | Application |
| Edition | | | |
| Language | | | |
| Update | | | |
Activity : Yearly
COMMON PLATFORM ENUMERATION : Repartition per Version
This CPE product has more than 100 versions. If you want to see a complete summary for this CPE, please contact us.
| CPE Name | Affected CVE |
|---|---|
| cpe:/a:mozilla:bugzilla:4.4:rc1 | 1 |
| cpe:/a:mozilla:bugzilla:4.3.3 | 6 |
| cpe:/a:mozilla:bugzilla:4.3.2 | 9 |
| cpe:/a:mozilla:bugzilla:4.3.1 | 10 |
| cpe:/a:mozilla:bugzilla:4.3 | 10 |
Related : CVE
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| CVSS Score | Date | Alert | Access Vector | Access Complexity | Authentication | |
|---|---|---|---|---|---|---|
| 5 | 2013-02-24 | CVE-2013-0786 | Network | Low | None Requ... | |
| 4.3 | 2013-02-24 | CVE-2013-0785 | Network | Medium | None Requ... | |
| 5 | 2012-11-16 | CVE-2012-5884 | Network | Low | None Requ... | |
| 4.3 | 2012-11-16 | CVE-2012-5883 | Network | Medium | None Requ... | |
| 4.3 | 2012-11-16 | CVE-2012-4199 | Network | Medium | None Requ... | |
| 4 | 2012-11-16 | CVE-2012-4198 | Network | Low | Requires ... | |
| 5 | 2012-11-16 | CVE-2012-4197 | Network | Low | None Requ... | |
| 4.3 | 2012-11-16 | CVE-2012-4189 | Network | Medium | None Requ... | |
| 5 | 2012-09-04 | CVE-2012-4747 | Network | Low | None Requ... | |
| 5 | 2012-09-04 | CVE-2012-3981 | Network | Low | None Requ... | |
| 4.3 | 2012-07-30 | CVE-2012-1969 | Network | Medium | None Requ... | |
| 4.3 | 2012-07-30 | CVE-2012-1968 | Network | Medium | None Requ... | |
| 4 | 2012-04-27 | CVE-2012-0466 | Network | High | None Requ... | |
| 4.3 | 2012-04-27 | CVE-2012-0465 | Network | Medium | None Requ... | |
| 5.1 | 2012-02-24 | CVE-2012-0453 | Network | High | None Requ... | |
| 4 | 2012-02-02 | CVE-2012-0448 | Network | Low | Requires ... | |
| 5.1 | 2012-02-02 | CVE-2012-0440 | Network | High | None Requ... | |
| 6.8 | 2012-01-02 | CVE-2011-3669 | Network | Medium | None Requ... | |
| 6.8 | 2012-01-02 | CVE-2011-3668 | Network | Medium | None Requ... | |
| 6.8 | 2012-01-02 | CVE-2011-3667 | Network | Medium | None Requ... | |
| 4.3 | 2012-01-02 | CVE-2011-3657 | Network | Medium | None Requ... | |
| 5 | 2011-08-09 | CVE-2011-2979 | Network | Low | None Requ... | |
| 5 | 2011-08-09 | CVE-2011-2978 | Network | Low | None Requ... | |
| 2.1 | 2011-08-09 | CVE-2011-2977 | Local | Low | None Requ... | |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (17) | CWE-264 | Permissions, Privileges, and Access Controls |
| 22% (15) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (11) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 14% (10) | CWE-200 | Information Exposure |
| 4% (3) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 4% (3) | CWE-20 | Improper Input Validation |
| 2% (2) | CWE-255 | Credentials Management |
| 2% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 1% (1) | CWE-310 | Cryptographic Issues |
| 1% (1) | CWE-287 | Improper Authentication |
| 1% (1) | CWE-189 | Numeric Errors |
| 1% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
| CAPEC-58 | Restful Privilege Elevation |
| CAPEC-63 | Simple Script Injection |
| CAPEC-73 | User-Controlled Filename |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:11047 | Buffer overflow in LHA allows remote attackers to execute arbitrary code via ... |
Open Source Vulnerability Database (OSVDB)
This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 78062 | Bugzilla User.offer_account_by_email Method user_can_create_account Value Par... |
| 78061 | Bugzilla report.cgi Real Name Field XSS |
| 78060 | Bugzilla chart.cgi label0 Parameter XSS |
| 78059 | Bugzilla attachment.cgi Attachment Addition CSRF |
| 78058 | Bugzilla post_bug.cgi Bug Report Creation CSRF |
| 74525 | Bugzilla on Windows Uploaded Attachment Temporary File Local Information Disc... |
| 74303 | Bugzilla BUGLIST Cookie XSS |
| 74302 | Bugzilla Temporary Attachment File Local Disclosure |
| 74301 | Bugzilla Account Email Change Notification Weakness |
| 74300 | Bugzilla Flagmail Attachment Description Header CRLF Injection |
| 74299 | Bugzilla Custom Search URL Parsing Group Name Disclosure |
| 74298 | Bugzilla Bug Creation / Editing URL Parsing Group Name Disclosure |
| 74297 | Bugzilla Patch Attachment Raw Unified Viewing Mode XSS |
| 70710 | Bugzilla quips.cgi Quip Moderation CSRF |
| 70709 | Bugzilla colchange.cgi Column Manipulation CSRF |
| 70708 | Bugzilla chart.cgi Chart Manipulation CSRF |
| 70707 | Bugzilla sanitycheck.cgi Authentication Hijack CSRF |
| 70706 | Bugzilla votes.cgi Authentication Hijack CSRF |
| 70705 | Bugzilla buglist.cgi Saved Search Addition CSRF |
| 70704 | Bugzilla Multiple URI Clickable Link bug_file_loc Field XSS |
| 70703 | Bugzilla chart.cgi Query String HTTP Response Splitting CRLF Injection |
| 70702 | Bugzilla YUI DataTable Widget Duplicate Detection Summary Field XSS |
| 70701 | Bugzilla YUI AutoComplete Widget User Account Real Name Field XSS |
| 70700 | Bugzilla srand Function Cookie / Token Random Value Weakness Arbitrary Accoun... |
| 70699 | Bugzilla Multiple URI Preceding Whitespace bug_file_loc Field XSS |










