PT-2006-1958 · Mozilla · Bugzilla

Phil Ringnalda +1 · Published 2006-02-28 · Updated 2011-03-08 · CVE-2006-0915

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Bugzilla version 2.16.10

Description

The issue arises from improper handling of certain characters in the maxpatchsize and maxattachmentsize parameters in the attachment.cgi script, allowing remote attackers to trigger a SQL error.

Recommendations

For Bugzilla version 2.16.10, consider restricting access to the attachment.cgi script until a proper fix is applied, and avoid using the maxpatchsize and maxattachmentsize parameters in a way that could trigger SQL errors.

Fix


Related Identifiers

CVE-2006-0915

Affected Products

Bugzilla