Executive Summary

Informations
NameCVE-2012-0440First vendor Publication2012-02-02
VendorCveLast vendor Modification2012-02-08

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0440

CWE : Common Weakness Enumeration

idName
CWE-352Cross-Site Request Forgery (CSRF)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application29

OpenVAS Exploits

DateDescription
2012-03-19Name : Fedora Update for bugzilla FEDORA-2012-1218
File : nvt/gb_fedora_2012_1218_bugzilla_fc16.nasl
2012-02-13Name : Fedora Update for bugzilla FEDORA-2012-1189
File : nvt/gb_fedora_2012_1189_bugzilla_fc15.nasl
2012-02-12Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla15.nasl

Nessus® Vulnerability Scanner

DateDescription
2012-02-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-1189.nasl - Type : ACT_GATHER_INFO
2012-02-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-1218.nasl - Type : ACT_GATHER_INFO
2012-02-07Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_309542b550b911e1b0d800151735203a.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://www.bugzilla.org/security/3.4.13/
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
SECTRACKhttp://www.securitytracker.com/id?1026623
SECUNIAhttp://secunia.com/advisories/47814
XFhttp://xforce.iss.net/xforce/xfdb/72882

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:07:32
  • Multiple Updates
2013-05-10 22:32:24
  • Multiple Updates