Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
NameCVE-2012-0440First vendor Publication2012-02-02
VendorCveLast vendor Modification2012-02-08

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0440

CWE : Common Weakness Enumeration

100 %CWE-352Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration


OpenVAS Exploits

2012-03-19Name : Fedora Update for bugzilla FEDORA-2012-1218
File : nvt/gb_fedora_2012_1218_bugzilla_fc16.nasl
2012-02-13Name : Fedora Update for bugzilla FEDORA-2012-1189
File : nvt/gb_fedora_2012_1189_bugzilla_fc15.nasl
2012-02-12Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla15.nasl

Nessus® Vulnerability Scanner

2012-02-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-1189.nasl - Type : ACT_GATHER_INFO
2012-02-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-1218.nasl - Type : ACT_GATHER_INFO
2012-02-07Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_309542b550b911e1b0d800151735203a.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

CONFIRM http://www.bugzilla.org/security/3.4.13/
SECTRACK http://www.securitytracker.com/id?1026623
SECUNIA http://secunia.com/advisories/47814
XF http://xforce.iss.net/xforce/xfdb/72882

Alert History

If you want to see full details history, please login or register.
2014-02-17 11:07:32
  • Multiple Updates
2013-05-10 22:32:24
  • Multiple Updates