CVE-2009-0486

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.0.7, 3.2.1, 3.3.2

Description The issue allows remote attackers to bypass cross-site request forgery protection mechanisms and conduct unauthorized activities as other users due to insufficiently random numbers generated for random tokens. This occurs when Bugzilla is running under mod perl and calls the srand function at startup time, causing Apache children to have the same seed.

Recommendations For versions 3.0.7, 3.2.1, and 3.3.2, consider reseeding the random number generator for each Apache child process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.