Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.
Information

Name : MDVSA-2014:200
Vendor : Mandriva
Severity (Vendor) : N/A
First vendor publication : 2014-10-21
Last vendor modification : 2014-10-21
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Impact Sub Score : NA
Exploitability Sub Score : NA
Temporal Score : NA
Environmental Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

Updated bugzilla packages fix security vulnerabilities:

If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571).

An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting (CVE-2014-1572).

During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information (CVE-2014-1573).
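As an added illustration of the CVE-2014-1572 account-creation issue (this is not Bugzilla's code and not part of the advisory), the model below contrasts a finalization step that trusts a login parameter from the request with one that binds the login to the address the confirmation token was issued for; the token store, the regex-based group rule and the request shape are constructed assumptions.

```python
"""Added example, not Bugzilla's code: a model of the CVE-2014-1572 flaw.
Account finalization must bind the login to the address the confirmation
token was issued for, not to a parameter of the finalizing request.
Token store, group regex and request shape are constructed assumptions."""
import re
import secrets

# Constructed group rule: a login matching the regex is auto-added to the group
# (the mechanism the advisory says an overridden login could be granted by).
GROUP_REGEXES = {"insiders": re.compile(r"^[^@]+@corp\.example$")}


def groups_for(login):
    """Groups granted automatically by regular-expression match on the login."""
    return {name for name, rx in GROUP_REGEXES.items() if rx.match(login)}


def request_account(tokens, email):
    """Step 1: issue a confirmation token tied to the requested address."""
    token = secrets.token_hex(8)
    tokens[token] = email
    return token


def finalize_vulnerable(tokens, token, params):
    """Vulnerable shape: a 'login' parameter in the finalizing request wins
    over the confirmed address, so the account (and its regex-derived group
    membership) can end up under an address that was never confirmed."""
    if token not in tokens:
        raise ValueError("unknown token")
    login = params.get("login", tokens[token])
    del tokens[token]
    return {"login": login, "groups": groups_for(login)}


def finalize_fixed(tokens, token, params):
    """Fixed shape: the login comes only from the token record. A conflicting
    client-supplied 'login' is rejected rather than silently ignored, so the
    mismatch can be logged as a tampering signal."""
    if token not in tokens:
        raise ValueError("unknown token")
    confirmed = tokens[token]
    supplied = params.get("login")
    if supplied is not None and supplied != confirmed:
        raise ValueError("login does not match the confirmed address")
    del tokens[token]
    return {"login": confirmed, "groups": groups_for(confirmed)}
```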

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:200

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-200 Information Exposure
33 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Count
Application 204
Os 3

Nessus® Vulnerability Scanner

Date Description
2017-03-06 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_5ed094a0015011e7ae1b002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-07-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201607-11.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12591.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12530.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12584.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-200.nasl - Type : ACT_GATHER_INFO
2014-10-07 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b65873414d8811e4aef920cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote web server contains a web application affected by multiple vulnera...
File : bugzilla_4_4_6.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-10-23 13:25:00
  • Multiple Updates
2014-10-21 13:23:56
  • First insertion