ID CVE-2007-0792
Summary The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 22380
bugtraq 20070203 Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3
confirm http://www.bugzilla.org/security/2.20.3/
osvdb 35862
sectrack 1017585
sreason 2222
vupen ADV-2007-0477
xf bugzilla-htaccess-information-disclosure(32252)
Last major update 16-10-2018 - 16:34
Published 06-02-2007 - 19:28
Last modified 16-10-2018 - 16:34