 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2003-0013 |
| Description: | The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0013 BugTraq ID: 6501 http://www.securityfocus.com/bid/6501 Bugtraq: 20030102 [BUGZILLA] Security Advisory - remote database password disclosure (Google Search) http://marc.info/?l=bugtraq&m=104154319200399&w=2 Debian Security Information: DSA-230 (Google Search) http://www.debian.org/security/2003/dsa-230 http://www.osvdb.org/6351 XForce ISS Database: bugzilla-htaccess-database-password(10970) http://www.iss.net/security_center/static/10970.php |