Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
NameCVE-2012-0453First vendor Publication2012-02-24
VendorCveLast vendor Modification2012-02-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score5.1Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0453

CWE : Common Weakness Enumeration

100 %CWE-352Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration


OpenVAS Exploits

2012-11-26Name : Fedora Update for bugzilla FEDORA-2012-18224
File : nvt/gb_fedora_2012_18224_bugzilla_fc16.nasl
2012-09-11Name : Fedora Update for bugzilla FEDORA-2012-13171
File : nvt/gb_fedora_2012_13171_bugzilla_fc16.nasl
2012-08-14Name : Fedora Update for bugzilla FEDORA-2012-11324
File : nvt/gb_fedora_2012_11324_bugzilla_fc16.nasl
2012-05-04Name : Fedora Update for bugzilla FEDORA-2012-6368
File : nvt/gb_fedora_2012_6368_bugzilla_fc16.nasl
2012-04-30Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla17.nasl
2012-04-02Name : Fedora Update for bugzilla FEDORA-2012-2398
File : nvt/gb_fedora_2012_2398_bugzilla_fc16.nasl

Nessus® Vulnerability Scanner

2012-04-10Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_7f448dc182ca11e1b39320cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2012-03-07Name : The remote Fedora host is missing a security update.
File : fedora_2012-2398.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

CONFIRM http://www.bugzilla.org/security/4.0.4/

Alert History

If you want to see full details history, please login or register.
2014-02-17 11:07:35
  • Multiple Updates
2013-05-10 22:32:33
  • Multiple Updates