1. CVE-Search
  2. CVE-2002-0809
ID CVE-2002-0809
Summary Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2002:109
refmap via4
bid 4964
bugtraq 20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
confirm http://bugzilla.mozilla.org/show_bug.cgi?id=148674
xf bugzilla-group-permissions-removal(10141)
Last major update 05-09-2008 - 20:29
Published 12-08-2002 - 04:00
Last modified 05-09-2008 - 20:29
Back to Top