CVE-2003-0013

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.14.x through 2.14.4 Bugzilla versions 2.16.x through 2.16.1 Bugzilla versions 2.17.x through 2.17.2

Description The issue arises from the default .htaccess scripts in Bugzilla not including filenames for backup copies of the localconfig file. This could allow remote attackers to obtain a database password by directly accessing the backup file, which may be created by editors like vi and Emacs.

Recommendations For Bugzilla versions 2.14.x through 2.14.4, update to version 2.14.5 or later. For Bugzilla versions 2.16.x through 2.16.1, update to version 2.16.2 or later. For Bugzilla versions 2.17.x through 2.17.2, update to version 2.17.3 or later.