PT-2012-2586 · Mozilla · Bugzilla

Soroush Dalili

Published

2012-04-27

Updated

2012-08-14

CVE-2012-0465

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.5.x through 3.6.8 Bugzilla versions 3.7.x through 4.0.5 Bugzilla versions 4.1.x through 4.2.0

Description The issue allows remote attackers to bypass the lockout policy. This can be achieved via a series of authentication requests with different IP address strings in the X-Forwarded-For HTTP header or a long string in this header. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Bugzilla versions 3.5.x through 3.6.8, update to version 3.6.9 or later. For Bugzilla versions 3.7.x through 4.0.5, update to version 4.0.6 or later. For Bugzilla versions 4.1.x through 4.2.0, update to version 4.2.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-0465

Affected Products

Bugzilla

PT-2012-2586 · Mozilla · Bugzilla

CVE-2012-0465

Weakness Enumeration

Related Identifiers

Affected Products

References · 7