漏洞信息详情
BugZilla Show_Bug.CGI下拉产品泄露漏洞
- CNNVD编号:CNNVD-200201-016
- 危害等级: 中危
- CVE编号:
CVE-2002-0009
- 漏洞类型:
设计错误
- 发布时间:
2002-01-31
- 威胁类型:
远程
- 更新时间:
2005-10-12
- 厂 商:
mozilla - 漏洞来源:
This issue was ori… -
漏洞简介
Bugzilla 2.14.1之前版本的show_bug.cgi存在漏洞。具有\”Bugs Access\”特权的用户通过提交漏洞以及读取接收到的Product下拉菜单看到用户不可访问的产品。
漏洞公告
This issue has been addressed by the vendor is versions 2.14.1 and later. Users are advised to upgrade to the most recent version.
It should also be noted that users who are running version 2.15 checked out of
cvs prior to 15 December 2001 are strongly recommended to use ‘cvs update’ to obtain the current cvs code.
Mozilla Bugzilla 2.10
-
Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz
Mozilla Bugzilla 2.12
-
Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz
Mozilla Bugzilla 2.14
-
Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz
Mozilla Bugzilla 2.4
-
Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz
Mozilla Bugzilla 2.6
-
Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz
Mozilla Bugzilla 2.8
-
Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz
参考网址
来源: BUGTRAQ
名称: 20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
链接:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
来源: www.bugzilla.org
链接:http://www.bugzilla.org/security2_14_1.html
来源: bugzilla.mozilla.org
链接:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
来源: BID
名称: 3798
链接:http://www.securityfocus.com/bid/3798
来源: XF
名称: bugzilla-showbug-reveal-bugs(7802)
链接:http://www.iss.net/security_center/static/7802.php
来源: REDHAT
名称: RHSA-2002:001
链接:http://rhn.redhat.com/errata/RHSA-2002-001.html