CVE-2009-3989

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.0.11 and earlier, 3.2.x through 3.2.5, 3.4.x through 3.4.4, 3.5.x through 3.5.2

Description The issue allows remote attackers to obtain sensitive information by requesting specific files and directories used by custom installations, including (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Recommendations For Bugzilla versions 3.0.11 and earlier, update to version 3.0.11 or later. For Bugzilla versions 3.2.x through 3.2.5, update to version 3.2.6 or later. For Bugzilla versions 3.4.x through 3.4.4, update to version 3.4.5 or later. For Bugzilla versions 3.5.x through 3.5.2, update to version 3.5.3 or later.