CVE-2002-0809

Name of the Vulnerable Software and Affected Versions: Bugzilla versions 2.14 through 2.14.1 Bugzilla versions 2.16 before 2.16rc2

Description: The issue arises from improper handling of URL-encoded field names generated by certain browsers. This can cause specific fields to appear unset, leading to the removal of group permissions on bugs when the buglist.cgi page is accessed with these encoded field names.

Recommendations: For Bugzilla versions 2.14 through 2.14.1, update to version 2.14.2 to resolve the issue. For Bugzilla versions 2.16 before 2.16rc2, update to version 2.16rc2 or later to resolve the issue.