Test ID:	1.3.6.1.4.1.25623.1.0.103045
Category:	Web application abuses
Title:	Bugzilla Multiple Vulnerabilities
Summary:	Bugzilla is prone to the following vulnerabilities:;;1. A security-bypass issue.;;2. Multiple cross-site scripting vulnerabilities.;;3. Multiple cross-site request-forgery vulnerabilities.;;Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute;arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials or;perform certain administrative actions and perform actions in the vulnerable application in the context of the;victim.;;The following versions are vulnerable:;;3.1.x versions prior to 3.2.10;;3.2.x versions prior to 3.4.10;;3.3.x versions prior to 3.6.4;;4.x versions prior to 4.0rc2
Description:	Summary: Bugzilla is prone to the following vulnerabilities: 1. A security-bypass issue. 2. Multiple cross-site scripting vulnerabilities. 3. Multiple cross-site request-forgery vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials or perform certain administrative actions and perform actions in the vulnerable application in the context of the victim. The following versions are vulnerable: 3.1.x versions prior to 3.2.10 3.2.x versions prior to 3.4.10 3.3.x versions prior to 3.6.4 4.x versions prior to 4.0rc2 Solution: Vendor updates are available. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4567 BugTraq ID: 45982 http://www.securityfocus.com/bid/45982 Debian Security Information: DSA-2322 (Google Search) http://www.debian.org/security/2011/dsa-2322 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html http://osvdb.org/70699 http://secunia.com/advisories/43033 http://secunia.com/advisories/43165 http://www.vupen.com/english/advisories/2011/0207 http://www.vupen.com/english/advisories/2011/0271 XForce ISS Database: bugzilla-urlfield-xss(65004) https://exchange.xforce.ibmcloud.com/vulnerabilities/65004 Common Vulnerability Exposure (CVE) ID: CVE-2010-4568 http://osvdb.org/70700 XForce ISS Database: bugzilla-number-security-bypass(65001) https://exchange.xforce.ibmcloud.com/vulnerabilities/65001 Common Vulnerability Exposure (CVE) ID: CVE-2010-4569 http://yuilibrary.com/forum/viewtopic.php?p=12923 http://yuilibrary.com/projects/yui2/ticket/2529228 http://osvdb.org/70701 XForce ISS Database: bugzilla-realname-xss(65178) https://exchange.xforce.ibmcloud.com/vulnerabilities/65178 Common Vulnerability Exposure (CVE) ID: CVE-2010-4570 http://osvdb.org/70702 XForce ISS Database: bugzilla-summary-xss(65179) https://exchange.xforce.ibmcloud.com/vulnerabilities/65179 Common Vulnerability Exposure (CVE) ID: CVE-2011-0046 http://osvdb.org/70705 http://osvdb.org/70706 http://osvdb.org/70707 http://osvdb.org/70708 http://osvdb.org/70709 http://osvdb.org/70710 XForce ISS Database: bugzilla-unspec-csrf(65003) https://exchange.xforce.ibmcloud.com/vulnerabilities/65003 Common Vulnerability Exposure (CVE) ID: CVE-2011-0048 http://osvdb.org/70704 XForce ISS Database: bugzilla-url-xss(65005) https://exchange.xforce.ibmcloud.com/vulnerabilities/65005
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.