PT-2007-2237 · Apache+1 · Apache+2

Published: 2007-02-06 · Updated: 2018-10-16 · CVE-2007-0792

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Bugzilla version 2.23.3

Description: The mod_perl initialization script in Bugzilla fails to set the Apache configuration to allow .htaccess permissions to override file permissions. As a result, remote attackers can obtain the database username and password by making a direct request for the localconfig file.

Recommendations: For Bugzilla version 2.23.3, update the mod_perl initialization script so that it sets the Bugzilla Apache configuration and allows .htaccess permissions to override file permissions, or apply the necessary configuration changes to prevent remote access to the localconfig file.
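
The configuration change described in the recommendations, as an added example (Apache 2.4 syntax; not taken from Bugzilla or from this advisory). The directory path is an assumed placeholder for the real Bugzilla install location.

```apache
# Assumed install path (placeholder); replace with the actual Bugzilla directory.
<Directory "/var/www/bugzilla">
    # Weak setting: with overrides disabled, Apache ignores .htaccess files,
    # so any access rules placed there never take effect.
    # AllowOverride None

    # Corrected setting: let .htaccess access-control directives apply.
    # "Limit" covers Order/Allow/Deny; "AuthConfig" covers Require on 2.4.
    AllowOverride Limit AuthConfig

    # Defence in depth: deny the file in the server configuration itself,
    # so protection does not depend on .htaccess being honoured.
    <FilesMatch "^localconfig">
        Require all denied
    </FilesMatch>
</Directory>
```

After reloading Apache, a request for localconfig on your own server should be refused with a 403 response instead of returning the file.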


Related identifiers

CVE-2007-0792

Affected products

Apache
Bugzilla
Mod Perl