CVE-2010-3764

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.12 through 3.2.8 Bugzilla version 3.4.8 Bugzilla version 3.6.2 Bugzilla version 3.7.3 Bugzilla version 4.1

Description The issue allows remote attackers to obtain sensitive information via a modified URL, due to the predictable names of graph files created by the Old Charts implementation in Bugzilla.

Recommendations For Bugzilla versions 2.12 through 3.2.8, consider restricting access to the graphs/ directory to minimize the risk of exploitation. For Bugzilla version 3.4.8, update the Old Charts implementation to use unpredictable file names. For Bugzilla version 3.6.2, restrict access to sensitive information via modified URLs. For Bugzilla version 3.7.3, implement a secure naming convention for graph files. For Bugzilla version 4.1, apply configuration changes to prevent remote attackers from obtaining sensitive information.