Web application abuses : Bugzilla Multiple Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.100749

Category: Web application abuses

Title: Bugzilla Multiple Vulnerabilities

Summary: Bugzilla is prone to the following vulnerabilities:;;1. A security bypass issue.;;2. Multiple information disclosure vulnerabilities.;;3. A denial-of-service vulnerability.;;Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain;sensitive information or cause the affected application to crash, denying service to legitimate users.;;The following versions are vulnerable:;;4.x and 3.2.x versions prior to 3.2.8, 4.1.x and 3.4.x versions prior to 3.4.8, 4.2.x and 3.6.x versions prior to;3.6.2, 4.3.x versions prior to 3.7.3.

Description: Summary:
Bugzilla is prone to the following vulnerabilities:

1. A security bypass issue.

2. Multiple information disclosure vulnerabilities.

3. A denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain
sensitive information or cause the affected application to crash, denying service to legitimate users.

The following versions are vulnerable:

4.x and 3.2.x versions prior to 3.2.8, 4.1.x and 3.4.x versions prior to 3.4.8, 4.2.x and 3.6.x versions prior to
3.6.2, 4.3.x versions prior to 3.7.3.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2756
BugTraq ID: 42275
http://www.securityfocus.com/bid/42275
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
http://secunia.com/advisories/40892
http://secunia.com/advisories/41128
http://www.vupen.com/english/advisories/2010/2035
http://www.vupen.com/english/advisories/2010/2205
Common Vulnerability Exposure (CVE) ID: CVE-2010-2757
Common Vulnerability Exposure (CVE) ID: CVE-2010-2758
Common Vulnerability Exposure (CVE) ID: CVE-2010-2759

Copyright Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.100749
Category:	Web application abuses
Title:	Bugzilla Multiple Vulnerabilities
Summary:	Bugzilla is prone to the following vulnerabilities:;;1. A security bypass issue.;;2. Multiple information disclosure vulnerabilities.;;3. A denial-of-service vulnerability.;;Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain;sensitive information or cause the affected application to crash, denying service to legitimate users.;;The following versions are vulnerable:;;4.x and 3.2.x versions prior to 3.2.8, 4.1.x and 3.4.x versions prior to 3.4.8, 4.2.x and 3.6.x versions prior to;3.6.2, 4.3.x versions prior to 3.7.3.
Description:	Summary: Bugzilla is prone to the following vulnerabilities: 1. A security bypass issue. 2. Multiple information disclosure vulnerabilities. 3. A denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information or cause the affected application to crash, denying service to legitimate users. The following versions are vulnerable: 4.x and 3.2.x versions prior to 3.2.8, 4.1.x and 3.4.x versions prior to 3.4.8, 4.2.x and 3.6.x versions prior to 3.6.2, 4.3.x versions prior to 3.7.3. Solution: Updates are available. Please see the references for more information. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2756 BugTraq ID: 42275 http://www.securityfocus.com/bid/42275 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/2205 Common Vulnerability Exposure (CVE) ID: CVE-2010-2757 Common Vulnerability Exposure (CVE) ID: CVE-2010-2758 Common Vulnerability Exposure (CVE) ID: CVE-2010-2759
Copyright	Copyright (C) 2010 Greenbone AG