Test ID: 1.3.6.1.4.1.25623.1.0.103215
Category: Web application abuses
Title: Bugzilla Multiple Security Vulnerabilities
Description:
Summary:
Bugzilla is prone to the following vulnerabilities:

1. A security bypass vulnerability.

2. An email header-injection vulnerability.

3. Multiple information disclosure vulnerabilities.

4. Multiple cross-site scripting vulnerabilities.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain
sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based
authentication credentials, and perform actions in the vulnerable application in the context of the victim.

Solution:
Vendor updates are available. Please see the references for more
information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2379
BugTraq ID: 49042
http://www.securityfocus.com/bid/49042
Debian Security Information: DSA-2322
http://www.debian.org/security/2011/dsa-2322
http://www.osvdb.org/74297
http://secunia.com/advisories/45501
XForce ISS Database: bugzilla-patch-attachments-xss(69033)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69033
Common Vulnerability Exposure (CVE) ID: CVE-2011-2380
http://www.osvdb.org/74298
http://www.osvdb.org/74299
XForce ISS Database: bugzilla-editing-info-disclosure(69034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69034
Common Vulnerability Exposure (CVE) ID: CVE-2011-2381
http://www.osvdb.org/74300
XForce ISS Database: bugzilla-attachment-header-injection(69035)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69035
Common Vulnerability Exposure (CVE) ID: CVE-2011-2976
http://www.osvdb.org/74303
XForce ISS Database: bugzilla-buglist-xss(69038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69038
Common Vulnerability Exposure (CVE) ID: CVE-2011-2977
http://www.osvdb.org/74302
XForce ISS Database: bugzilla-attachments-info-disc(69037)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69037
Common Vulnerability Exposure (CVE) ID: CVE-2011-2978
http://www.osvdb.org/74301
XForce ISS Database: bugzilla-account-sec-bypass(69036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69036
Common Vulnerability Exposure (CVE) ID: CVE-2011-2979
XForce ISS Database: bugzilla-queries-info-disclosure(69166)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69166
Copyright: Copyright (C) 2011 Greenbone AG
