Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-0486 | First vendor Publication | 2009-02-09 |
Vendor | Cve | Last vendor Modification | 2009-03-25 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0486 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-19 (bugzilla) File : nvt/glsa_201006_19.nasl |
2009-03-20 | Name : Fedora Core 10 FEDORA-2009-2417 (bugzilla) File : nvt/fcore_2009_2417.nasl |
2009-03-20 | Name : Fedora Core 9 FEDORA-2009-2418 (bugzilla) File : nvt/fcore_2009_2418.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54057 | Bugzilla with mod_perl Startup Token Entropy Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-19.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2417.nasl - Type : ACT_GATHER_INFO |
2009-03-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2418.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:09:07 |
|
2021-04-22 01:09:27 |
|
2020-05-23 00:23:19 |
|
2016-04-26 18:37:27 |
|
2014-02-17 10:48:44 |
|
2013-05-10 23:43:45 |
|