Executive Summary

Informations
NameCVE-2012-0440First vendor Publication2012-02-02
VendorCveLast vendor Modification2012-02-08

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0440

CWE : Common Weakness Enumeration

idName
CWE-352Cross-Site Request Forgery (CSRF)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application29

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://www.bugzilla.org/security/3.4.13/
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
SECTRACKhttp://www.securitytracker.com/id?1026623
SECUNIAhttp://secunia.com/advisories/47814
XFhttp://xforce.iss.net/xforce/xfdb/72882

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 22:32:24
  • Multiple Updates