CVE-2012-0465

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.5.x through 3.6.8 Bugzilla versions 3.7.x through 4.0.5 Bugzilla versions 4.1.x through 4.2.0

Description The issue allows remote attackers to bypass the lockout policy. This can be achieved via a series of authentication requests with different IP address strings in the X-Forwarded-For HTTP header or a long string in this header. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Bugzilla versions 3.5.x through 3.6.8, update to version 3.6.9 or later. For Bugzilla versions 3.7.x through 4.0.5, update to version 4.0.6 or later. For Bugzilla versions 4.1.x through 4.2.0, update to version 4.2.1 or later.