PT-2012-5241 · Mozilla · Bugzilla
Frédéric Buclin
·
Publicado
2012-11-16
·
Atualizado
2017-08-29
·
CVE-2012-4197
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Bugzilla versions 2.x through 3.x before 3.6.12
Bugzilla versions 3.7.x
Bugzilla versions 4.0.x before 4.0.9
Bugzilla versions 4.1.x
Bugzilla versions 4.2.x before 4.2.4
Bugzilla versions 4.3.x and 4.4.x before 4.4rc1
Description
The issue allows remote attackers to read attachment descriptions from private bugs. This is achieved via an obsolete=1 insert action in the attachment.cgi script.
Recommendations
For versions 2.x through 3.x before 3.6.12, update to version 3.6.12 or later.
For versions 3.7.x, update to a version after 3.7.x.
For versions 4.0.x before 4.0.9, update to version 4.0.9 or later.
For versions 4.1.x, update to a version after 4.1.x.
For versions 4.2.x before 4.2.4, update to version 4.2.4 or later.
For versions 4.3.x and 4.4.x before 4.4rc1, update to version 4.4rc1 or later.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bugzilla