Executive Summary

Informations
Name CVE-2012-0453 First vendor Publication 2012-02-24
Vendor Cve Last vendor Modification 2012-02-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.1 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0453

CWE : Common Weakness Enumeration

idName
CWE-352Cross-Site Request Forgery (CSRF)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application8

OpenVAS Exploits

DateDescription
2012-11-26Name : Fedora Update for bugzilla FEDORA-2012-18224
File : nvt/gb_fedora_2012_18224_bugzilla_fc16.nasl
2012-09-11Name : Fedora Update for bugzilla FEDORA-2012-13171
File : nvt/gb_fedora_2012_13171_bugzilla_fc16.nasl
2012-08-14Name : Fedora Update for bugzilla FEDORA-2012-11324
File : nvt/gb_fedora_2012_11324_bugzilla_fc16.nasl
2012-05-04Name : Fedora Update for bugzilla FEDORA-2012-6368
File : nvt/gb_fedora_2012_6368_bugzilla_fc16.nasl
2012-04-30Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla17.nasl
2012-04-02Name : Fedora Update for bugzilla FEDORA-2012-2398
File : nvt/gb_fedora_2012_2398_bugzilla_fc16.nasl

Nessus® Vulnerability Scanner

DateDescription
2012-04-10Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_7f448dc182ca11e1b39320cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2012-03-07Name : The remote Fedora host is missing a security update.
File : fedora_2012-2398.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRM http://www.bugzilla.org/security/4.0.4/
https://bugzilla.mozilla.org/show_bug.cgi?id=725663

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:07:35
  • Multiple Updates
2013-05-10 22:32:33
  • Multiple Updates