PT-2007-2237 · Apache+1 · Apache+2

Published 2007-02-06 · Updated 2018-10-16 · CVE-2007-0792

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Bugzilla version 2.23.3

Description

The issue concerns the mod_perl initialization script in Bugzilla, which fails to set the Apache configuration to allow .htaccess permissions to override file permissions. This allows remote attackers to obtain the database username and password by making a direct request for the localconfig file.

Recommendations

For Bugzilla version 2.23.3, update the mod_perl initialization script to set the Bugzilla Apache configuration and allow .htaccess permissions to override file permissions, or apply the necessary configuration changes to prevent remote access to the localconfig file.
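A defender-side check for the condition described above, as an added example that is not Bugzilla's or Apache's own code: it reads Apache configuration text and reports whether an access rule placed in the Bugzilla directory's .htaccess would be honored. The sample configurations and the path /var/www/bugzilla are constructed; the parser covers only plain-path `<Directory>` blocks in one file, and it is an assumption that the rule protecting localconfig is a Deny-style directive.

```python
import re

# Override class that each access-control directive needs before Apache
# will honor it in .htaccess (per the Apache directive documentation).
NEEDED_CLASS = {"order": "limit", "allow": "limit", "deny": "limit",
                "require": "authconfig"}

DIR_BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>',
                       re.IGNORECASE | re.DOTALL)
ALLOW_OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$',
                            re.IGNORECASE | re.MULTILINE)

def effective_overrides(conf_text, target_dir):
    """AllowOverride classes from the most specific plain-path <Directory>
    block covering target_dir, or None if no covering block sets it."""
    target = target_dir.rstrip("/") + "/"
    best_len, best = -1, None
    for path, body in DIR_BLOCK.findall(conf_text):
        prefix = path.rstrip("/") + "/"
        match = ALLOW_OVERRIDE.search(body)
        if match and target.startswith(prefix) and len(prefix) > best_len:
            best_len = len(prefix)
            best = {c.lower() for c in match.group(1).split()}
    return best

def htaccess_rule_honored(conf_text, target_dir, directive):
    """True/False if `directive` in target_dir/.htaccess would/would not take
    effect; None if the configuration leaves it to the server default."""
    classes = effective_overrides(conf_text, target_dir)
    if classes is None:
        return None
    if "none" in classes:
        return False
    return "all" in classes or NEEDED_CLASS[directive.lower()] in classes

# Constructed samples: the directory block without and with an override grant.
BASE = '<Directory />\n    AllowOverride None\n</Directory>\n'
WITHOUT_GRANT = BASE + ('<Directory "/var/www/bugzilla">\n'
                        '    Options +ExecCGI\n</Directory>\n')
WITH_GRANT = BASE + ('<Directory "/var/www/bugzilla">\n'
                     '    Options +ExecCGI\n    AllowOverride Limit\n'
                     '</Directory>\n')

if __name__ == "__main__":
    for name, conf in (("without grant", WITHOUT_GRANT), ("with grant", WITH_GRANT)):
        print(name, htaccess_rule_honored(conf, "/var/www/bugzilla", "Deny"))
```

A `None` result means no covering block sets AllowOverride, so the outcome depends on the server's built-in default and should be confirmed against the running Apache version.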

Fix


Related Identifiers

CVE-2007-0792

Affected Products

Apache
Bugzilla
Mod Perl