Executive Summary
Summary | |
---|---|
Title | Bugzilla: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201110-03 | First vendor Publication | 2011-10-09 |
Vendor | Gentoo | Last vendor Modification | 2011-10-10 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in Bugzilla, the worst of which leading to privilege escalation. Background Description Impact A local attacker could disclose the contents of temporarfy files for uploaded attachments. Workaround Resolution NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue. References Availability http://security.gentoo.org/glsa/glsa-201110-03.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201110-03.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
27 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
13 % | CWE-200 | Information Exposure |
7 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
7 % | CWE-264 | Permissions, Privileges, and Access Controls |
7 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14859 | |||
Oval ID: | oval:org.mitre.oval:def:14859 | ||
Title: | DSA-2322-1 bugzilla -- several | ||
Description: | Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system. CVE-2010-4572 By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser. CVE-2010-4567, CVE-2011-0048 Bugzilla has a "URL" field that can contain several types of URL, including "javascript:" and "data:" URLs. However, it does not make "javascript:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, "javascript:" and "data:" links were *always* shown as clickable to logged-out users. CVE-2010-4568 It was possible for a user to gain unauthorised access to any Bugzilla account in a very short amount of time. CVE-2011-0046 Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities. CVE-2011-2978 When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user , the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker. CVE-2011-2381 For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited. CVE-2011-2379 Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. This alternate host is now also used when viewing patches in "Raw Unified" mode because Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing, which could lead to the execution of malicious code. CVE-2011-2380 CVE-201-2979 Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren't used in bugs and so which were supposed to remain confidential. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2322-1 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978 CVE-2011-2979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | bugzilla |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20547 | |||
Oval ID: | oval:org.mitre.oval:def:20547 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2761 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-07-30 | Name : CentOS Update for perl CESA-2011:1797 centos4 x86_64 File : nvt/gb_CESA-2011_1797_perl_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for perl CESA-2011:1797 centos5 x86_64 File : nvt/gb_CESA-2011_1797_perl_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for perl RHSA-2011:0558-01 File : nvt/gb_RHSA-2011_0558-01_perl.nasl |
2012-04-02 | Name : Fedora Update for bugzilla FEDORA-2011-10399 File : nvt/gb_fedora_2011_10399_bugzilla_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla) File : nvt/glsa_201110_03.nasl |
2011-12-12 | Name : CentOS Update for perl CESA-2011:1797 centos4 i386 File : nvt/gb_CESA-2011_1797_perl_centos4_i386.nasl |
2011-12-12 | Name : CentOS Update for perl CESA-2011:1797 centos5 i386 File : nvt/gb_CESA-2011_1797_perl_centos5_i386.nasl |
2011-12-09 | Name : RedHat Update for perl RHSA-2011:1797-01 File : nvt/gb_RHSA-2011_1797-01_perl.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2322-1 (bugzilla) File : nvt/deb_2322_1.nasl |
2011-09-21 | Name : FreeBSD Ports: bugzilla File : nvt/freebsd_bugzilla13.nasl |
2011-08-24 | Name : Fedora Update for bugzilla FEDORA-2011-10426 File : nvt/gb_fedora_2011_10426_bugzilla_fc15.nasl |
2011-08-24 | Name : Fedora Update for bugzilla FEDORA-2011-10413 File : nvt/gb_fedora_2011_10413_bugzilla_fc14.nasl |
2011-08-22 | Name : Bugzilla Multiple Security Vulnerabilities File : nvt/gb_bugzilla_49042.nasl |
2011-05-10 | Name : Ubuntu Update for perl USN-1129-1 File : nvt/gb_ubuntu_USN_1129_1.nasl |
2011-03-05 | Name : FreeBSD Ports: bugzilla File : nvt/freebsd_bugzilla12.nasl |
2011-02-04 | Name : Fedora Update for perl-CGI FEDORA-2011-0640 File : nvt/gb_fedora_2011_0640_perl-CGI_fc14.nasl |
2011-02-04 | Name : Fedora Update for perl-CGI FEDORA-2011-0654 File : nvt/gb_fedora_2011_0654_perl-CGI_fc13.nasl |
2011-02-04 | Name : Fedora Update for bugzilla FEDORA-2011-0741 File : nvt/gb_fedora_2011_0741_bugzilla_fc14.nasl |
2011-01-31 | Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0631 File : nvt/gb_fedora_2011_0631_perl-CGI-Simple_fc13.nasl |
2011-01-31 | Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0653 File : nvt/gb_fedora_2011_0653_perl-CGI-Simple_fc14.nasl |
2011-01-26 | Name : Bugzilla Multiple Vulnerabilities File : nvt/gb_bugzilla_45982.nasl |
2011-01-21 | Name : Mandriva Update for perl-CGI MDVSA-2011:008 (perl-CGI) File : nvt/gb_mandriva_MDVSA_2011_008.nasl |
2010-12-28 | Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple) File : nvt/gb_mandriva_MDVSA_2010_252.nasl |
2010-12-23 | Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple) File : nvt/gb_mandriva_MDVSA_2010_250.nasl |
2010-12-02 | Name : Fedora Update for bugzilla FEDORA-2010-17274 File : nvt/gb_fedora_2010_17274_bugzilla_fc14.nasl |
2010-12-02 | Name : Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability File : nvt/gb_perl_CGI_45145.nasl |
2010-11-23 | Name : Mandriva Update for perl-CGI MDVSA-2010:237 (perl-CGI) File : nvt/gb_mandriva_MDVSA_2010_237.nasl |
2010-11-16 | Name : Fedora Update for bugzilla FEDORA-2010-17280 File : nvt/gb_fedora_2010_17280_bugzilla_fc13.nasl |
2010-11-16 | Name : Fedora Update for bugzilla FEDORA-2010-17235 File : nvt/gb_fedora_2010_17235_bugzilla_fc12.nasl |
2010-11-05 | Name : Bugzilla Response Splitting and Security Bypass Vulnerabilities File : nvt/gb_bugzilla_44618.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74303 | Bugzilla BUGLIST Cookie XSS |
74302 | Bugzilla Temporary Attachment File Local Disclosure |
74301 | Bugzilla Account Email Change Notification Weakness |
74300 | Bugzilla Flagmail Attachment Description Header CRLF Injection |
74299 | Bugzilla Custom Search URL Parsing Group Name Disclosure |
74298 | Bugzilla Bug Creation / Editing URL Parsing Group Name Disclosure |
74297 | Bugzilla Patch Attachment Raw Unified Viewing Mode XSS Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via patch attachments when viewing them in Raw Unified mode. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70710 | Bugzilla quips.cgi Quip Moderation CSRF Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'quips.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of quips. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70709 | Bugzilla colchange.cgi Column Manipulation CSRF Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'colchange.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of columns. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70708 | Bugzilla chart.cgi Chart Manipulation CSRF Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'chart.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of charts. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70707 | Bugzilla sanitycheck.cgi Authentication Hijack CSRF Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'sanitycheck.cgi' script does not require multiple steps or explicit confirmation for certain sensitive transactions, allowing for the hijacking of arbitrary user's authentication. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70706 | Bugzilla votes.cgi Authentication Hijack CSRF Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'votes.cgi' script does not require multiple steps or explicit confirmation for certain sensitive transactions, allowing for the hijacking of arbitrary user's authentication. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70705 | Bugzilla buglist.cgi Saved Search Addition CSRF Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'buglist.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the addition of saved searches to a user's profile. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
70704 | Bugzilla Multiple URI Clickable Link bug_file_loc Field XSS Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application creates a clickable link for javascript: or data: URI in the 'bug_file_loc' URL field, which is not santised before being returned to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70703 | Bugzilla chart.cgi Query String HTTP Response Splitting CRLF Injection Bugzilla contains a flaw related to 'chart.cgi'. This may allow a remote attacker to conduct HTTP response splitting attacks via the query string and inject arbitrary HTTP headers. |
70702 | Bugzilla YUI DataTable Widget Duplicate Detection Summary Field XSS Bugzilla contains a flaw in the duplicate-detection functionality that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'summary' field before returning it to the user, due to the YUI DataTable widget's rendering of strings as text. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70701 | Bugzilla YUI AutoComplete Widget User Account Real Name Field XSS Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'real name' field of a user account before returning it to the user when using the YUI AutoComplete widget, which renders textual data as HTML markup. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70700 | Bugzilla srand Function Cookie / Token Random Value Weakness Arbitrary Accoun... Bugzilla contains a flaw related to the generating of random values for cookies and tokens. This may allow a remote attacker to obtain access to arbitrary accounts via a vector related to insufficiently random calls to the srand function. |
70699 | Bugzilla Multiple URI Preceding Whitespace bug_file_loc Field XSS Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not properly handle whitespace preceding javascript: or data: URI, allowing a remote attacker to conduct an XSS attack via the URL (bug_file_loc) field. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
69588 | CGI.pm multipart_init() Function multipart/x-mixed-replace MIME Type HTTP Hea... CGI.pm contains a flaw related to the 'multipart_init()' function when handing a message with 'multipart/x-mixed-replace' MIME type. This may allow a remote attacker to inject arbitrary HTTP headers in a response to the user. |
69222 | Bugzilla Old Charts Predictable Graph Filenames Remote Information Disclosure Bugzilla contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the Old Charts implementation uses predictable names for files in 'graphs/', which will disclose graphs and product names to a remote attacker via a crafted URL. |
69221 | Bugzilla Server Push Crafted URL Response Splitting CRLF Injection Bugzilla contains a flaw when Server Push is enabled. The issue is triggered when a remote attakcer injects arbitrary HTTP headers and content with a crafted URL. This may allow an attacker to conduct HTTP response splitting attacks. This may lead to XSS or other vulnerabilities. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_perl-110112.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1797.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111208_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_perl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO |
2011-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2322.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-03.nasl - Type : ACT_GATHER_INFO |
2011-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10399.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10413.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10426.nasl - Type : ACT_GATHER_INFO |
2011-08-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dc8741b9c5d511e08a8e00151735203a.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote host is missing the patch for the advisory RHSA-2011-0558 File : redhat-RHSA-2011-0558.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-110112.nasl - Type : ACT_GATHER_INFO |
2011-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0741.nasl - Type : ACT_GATHER_INFO |
2011-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0755.nasl - Type : ACT_GATHER_INFO |
2011-02-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0640.nasl - Type : ACT_GATHER_INFO |
2011-02-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0654.nasl - Type : ACT_GATHER_INFO |
2011-01-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0653.nasl - Type : ACT_GATHER_INFO |
2011-01-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0631.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-008.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_perl-110112.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_perl-7316.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-237.nasl - Type : ACT_GATHER_INFO |
2010-11-15 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17280.nasl - Type : ACT_GATHER_INFO |
2010-11-15 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17274.nasl - Type : ACT_GATHER_INFO |
2010-11-15 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17235.nasl - Type : ACT_GATHER_INFO |
2010-11-15 | Name : A web application is affected by a response splitting vulnerability. File : bugzilla_response_splitting.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:59 |
|