PT-2002-2179 · Mozilla · Bugzilla

Published

2002-10-28

Updated

2016-10-18

CVE-2002-1197

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Bugzilla versions 2.14.x through 2.14.3 Bugzilla versions 2.16.x through 2.16.0

Description: The issue allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. This is related to the bugzilla email append.pl script.

Recommendations: For Bugzilla versions 2.14.x through 2.14.3, update to version 2.14.4 or later. For Bugzilla versions 2.16.x through 2.16.0, update to version 2.16.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1197

Affected Products

Bugzilla

PT-2002-2179 · Mozilla · Bugzilla

CVE-2002-1197

Related Identifiers

Affected Products

References · 6