
Test ID: 1.3.6.1.4.1.25623.1.0.103215
Category: Web application abuses
Title: Bugzilla Multiple Security Vulnerabilities
Description:
Summary:
Bugzilla is prone to the following vulnerabilities:

1. A security bypass vulnerability.

2. An email header-injection vulnerability.

3. Multiple information disclosure vulnerabilities.

4. Multiple cross-site scripting vulnerabilities.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain
sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based
authentication credentials, and perform actions in the vulnerable application in the context of the victim.

Solution:
Vendor updates are available. Please see the references for more
information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-2379
BugTraq ID: 49042
http://www.securityfocus.com/bid/49042
Debian Security Information: DSA-2322
http://www.debian.org/security/2011/dsa-2322
http://www.osvdb.org/74297
http://secunia.com/advisories/45501
XForce ISS Database: bugzilla-patch-attachments-xss(69033)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69033
Common Vulnerability Exposure (CVE) ID: CVE-2011-2380
http://www.osvdb.org/74298
http://www.osvdb.org/74299
XForce ISS Database: bugzilla-editing-info-disclosure(69034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69034
Common Vulnerability Exposure (CVE) ID: CVE-2011-2381
http://www.osvdb.org/74300
XForce ISS Database: bugzilla-attachment-header-injection(69035)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69035
Common Vulnerability Exposure (CVE) ID: CVE-2011-2976
http://www.osvdb.org/74303
XForce ISS Database: bugzilla-buglist-xss(69038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69038
Common Vulnerability Exposure (CVE) ID: CVE-2011-2977
http://www.osvdb.org/74302
XForce ISS Database: bugzilla-attachments-info-disc(69037)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69037
Common Vulnerability Exposure (CVE) ID: CVE-2011-2978
http://www.osvdb.org/74301
XForce ISS Database: bugzilla-account-sec-bypass(69036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69036
Common Vulnerability Exposure (CVE) ID: CVE-2011-2979
XForce ISS Database: bugzilla-queries-info-disclosure(69166)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69166
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.