PT-2003-1311 · Vim+2 · Vi+2

David Miller

Published

2003-01-17

Updated

2016-10-18

CVE-2003-0013

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.14.x through 2.14.4 Bugzilla versions 2.16.x through 2.16.1 Bugzilla versions 2.17.x through 2.17.2

Description The issue arises from the default .htaccess scripts in Bugzilla not including filenames for backup copies of the localconfig file. This could allow remote attackers to obtain a database password by directly accessing the backup file, which may be created by editors like vi and Emacs.

Recommendations For Bugzilla versions 2.14.x through 2.14.4, update to version 2.14.5 or later. For Bugzilla versions 2.16.x through 2.16.1, update to version 2.16.2 or later. For Bugzilla versions 2.17.x through 2.17.2, update to version 2.17.3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0013

DSA-230

Affected Products

Bugzilla

Emacs

PT-2003-1311 · Vim+2 · Vi+2

CVE-2003-0013

Related Identifiers

Affected Products

References · 7