BugZilla Show_Bug.CGI下拉产品泄露漏洞

漏洞信息详情

BugZilla Show_Bug.CGI下拉产品泄露漏洞

漏洞简介

Bugzilla 2.14.1之前版本的show_bug.cgi存在漏洞。具有\”Bugs Access\”特权的用户通过提交漏洞以及读取接收到的Product下拉菜单看到用户不可访问的产品。

漏洞公告

This issue has been addressed by the vendor is versions 2.14.1 and later. Users are advised to upgrade to the most recent version.
It should also be noted that users who are running version 2.15 checked out of
cvs prior to 15 December 2001 are strongly recommended to use ‘cvs update’ to obtain the current cvs code.
Mozilla Bugzilla 2.10

Mozilla Bugzilla 2.12

Mozilla Bugzilla 2.14

Mozilla Bugzilla 2.4

Mozilla Bugzilla 2.6

Mozilla Bugzilla 2.8

参考网址

来源: BUGTRAQ
名称: 20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
链接:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html

来源: www.bugzilla.org
链接:http://www.bugzilla.org/security2_14_1.html

来源: bugzilla.mozilla.org
链接:http://bugzilla.mozilla.org/show_bug.cgi?id=102141

来源: BID
名称: 3798
链接:http://www.securityfocus.com/bid/3798

来源: XF
名称: bugzilla-showbug-reveal-bugs(7802)
链接:http://www.iss.net/security_center/static/7802.php

来源: REDHAT
名称: RHSA-2002:001
链接:http://rhn.redhat.com/errata/RHSA-2002-001.html

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享