Executive Summary

Informations
NameCVE-2010-2756First vendor Publication2010-08-16
VendorCveLast vendor Modification2010-09-08

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2756

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application78

OpenVAS Exploits

DateDescription
2011-09-21Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla13.nasl
2011-01-20Name : Bugzilla Informaton Disclosure Vulnerability
File : nvt/gb_bugzilla_info_disclosure_vuln.nasl
2010-12-02Name : Fedora Update for bugzilla FEDORA-2010-13171
File : nvt/gb_fedora_2010_13171_bugzilla_fc14.nasl
2010-10-10Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla11.nasl
2010-08-30Name : Fedora Update for bugzilla FEDORA-2010-13072
File : nvt/gb_fedora_2010_13072_bugzilla_fc12.nasl
2010-08-30Name : Fedora Update for bugzilla FEDORA-2010-13086
File : nvt/gb_fedora_2010_13086_bugzilla_fc13.nasl
2010-08-09Name : Bugzilla Multiple Vulnerabilities
File : nvt/gb_bugzilla_42275.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
67196Bugzilla Search.pm Multiple Vector Arbitrary Group Membership Enumeration

Nessus® Vulnerability Scanner

DateDescription
2010-08-29Name : The remote Fedora host is missing a security update.
File : fedora_2010-13072.nasl - Type : ACT_GATHER_INFO
2010-08-29Name : The remote Fedora host is missing a security update.
File : fedora_2010-13086.nasl - Type : ACT_GATHER_INFO
2010-08-27Name : The remote Fedora host is missing a security update.
File : fedora_2010-13171.nasl - Type : ACT_GATHER_INFO
2010-08-25Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8cbf4d65af9a11df89b800151735203a.nasl - Type : ACT_GATHER_INFO
2010-08-12Name : A CGI script hosted on the remote web server is affected by an information di...
File : bugzilla_reportedby_info_disclosure.nasl - Type : ACT_ATTACK

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/42275
CONFIRMhttp://www.bugzilla.org/security/3.2.7/
https://bugzilla.mozilla.org/show_bug.cgi?id=417048
https://bugzilla.redhat.com/show_bug.cgi?id=623423
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518....
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534....
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546....
SECUNIAhttp://secunia.com/advisories/40892
http://secunia.com/advisories/41128
VUPENhttp://www.vupen.com/english/advisories/2010/2035
http://www.vupen.com/english/advisories/2010/2205

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:56:31
  • Multiple Updates
2013-05-10 23:29:08
  • Multiple Updates