
Test ID: 1.3.6.1.4.1.25623.1.0.103045
Category: Web application abuses
Title: Bugzilla Multiple Vulnerabilities
Description: Summary:
Bugzilla is prone to the following vulnerabilities:

1. A security-bypass issue.

2. Multiple cross-site scripting vulnerabilities.

3. Multiple cross-site request-forgery vulnerabilities.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute
arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials or
perform certain administrative actions and perform actions in the vulnerable application in the context of the
victim.

The following versions are vulnerable:

3.1.x versions prior to 3.2.10

3.2.x versions prior to 3.4.10

3.3.x versions prior to 3.6.4

4.x versions prior to 4.0rc2

Solution:
Vendor updates are available. Please see the references for more
information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4567
BugTraq ID: 45982
http://www.securityfocus.com/bid/45982
Debian Security Information: DSA-2322
http://www.debian.org/security/2011/dsa-2322
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70699
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
XForce ISS Database: bugzilla-urlfield-xss(65004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65004
Common Vulnerability Exposure (CVE) ID: CVE-2010-4568
http://osvdb.org/70700
XForce ISS Database: bugzilla-number-security-bypass(65001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65001
Common Vulnerability Exposure (CVE) ID: CVE-2010-4569
http://yuilibrary.com/forum/viewtopic.php?p=12923
http://yuilibrary.com/projects/yui2/ticket/2529228
http://osvdb.org/70701
XForce ISS Database: bugzilla-realname-xss(65178)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65178
Common Vulnerability Exposure (CVE) ID: CVE-2010-4570
http://osvdb.org/70702
XForce ISS Database: bugzilla-summary-xss(65179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65179
Common Vulnerability Exposure (CVE) ID: CVE-2011-0046
http://osvdb.org/70705
http://osvdb.org/70706
http://osvdb.org/70707
http://osvdb.org/70708
http://osvdb.org/70709
http://osvdb.org/70710
XForce ISS Database: bugzilla-unspec-csrf(65003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65003
Common Vulnerability Exposure (CVE) ID: CVE-2011-0048
http://osvdb.org/70704
XForce ISS Database: bugzilla-url-xss(65005)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65005
Copyright: Copyright (C) 2011 Greenbone AG
