Test ID: | 1.3.6.1.4.1.25623.1.0.892672 |
Category: | Web application abuses |
Title: | Bugzilla LDAP Code Injection And Security Bypass Vulnerabilities |
Summary: | Bugzilla is prone to code injection and security bypass vulnerabilities. |
Description: | Summary: Bugzilla is prone to code injection and security bypass vulnerabilities.
Vulnerability Insight: The flaws are due to:
- When a user logs in via LDAP, the username is not escaped when building the uid=$username filter used to query the LDAP directory. This can lead to LDAP injection.
- Extensions are not protected against directory browsing, so users can access the source code of the templates, which may contain sensitive data.
Vulnerability Impact: Successful exploitation allows remote attackers to obtain sensitive information and bypass security restrictions on the affected site.
Affected Software/OS: Bugzilla 2.x and 3.x up to 3.6.11, 3.7.x and 4.0.x up to 4.0.7, 4.1.x and 4.2.x up to 4.2.2, and 4.3.x up to 4.3.2
Solution: Upgrade to Bugzilla version 4.0.8, 4.2.3, 4.3.3 or later.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross Reference: |
Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-4747
Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-3981
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=785112
http://osvdb.org/85072
XForce ISS Database: bugzilla-ldap-data-manipulation(78193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78193 |
Copyright | Copyright (C) 2012 Greenbone AG |
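The LDAP injection described under Vulnerability Insight, shown as an added example in Python (this is not Bugzilla's own Perl code, which the page does not include). build_filter_vulnerable interpolates the raw username into uid=$username exactly as the advisory describes; build_filter_safe applies RFC 4515 assertion-value escaping first; count_components is a small check on how many filter components the resulting string contains. The PAYLOAD string and all function names are this example's own assumptions, not taken from the advisory.

```python
# Added example, not Bugzilla code: an unescaped username interpolated into
# an LDAP search filter versus the same username escaped per RFC 4515 section 3.

SPECIAL = {0x5C, 0x2A, 0x28, 0x29, 0x00}  # backslash, '*', '(', ')', NUL


def ldap_filter_escape(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter.

    Each filter metacharacter, control byte and non-ASCII UTF-8 byte becomes
    a backslash followed by two hex digits, as RFC 4515 specifies, so the
    value can only ever match literally.
    """
    out = []
    for b in value.encode("utf-8"):
        if b in SPECIAL or b < 0x20 or b > 0x7E:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def build_filter_vulnerable(username: str) -> str:
    """Mirror the flaw: the raw username goes straight into uid=$username."""
    return "(uid=%s)" % username


def build_filter_safe(username: str) -> str:
    """Hardened form: the username is escaped before it enters the filter."""
    return "(uid=%s)" % ldap_filter_escape(username)


def count_components(ldap_filter: str) -> int:
    """Count unescaped '(' in a filter string.

    A lookup on one attribute should yield exactly one component; a larger
    count means user input has introduced extra filter structure.
    """
    count = 0
    i = 0
    while i < len(ldap_filter):
        if ldap_filter[i] == "\\":
            i += 3          # skip a \XX hex escape produced by ldap_filter_escape
            continue
        if ldap_filter[i] == "(":
            count += 1
        i += 1
    return count


# Constructed payload (this example's own, not from the advisory): closes the
# uid assertion early and appends a second component. Depending on how the
# directory server treats trailing data, the request can be evaluated as
# "(uid=*)", which matches every entry rather than one account.
PAYLOAD = "*)(objectClass=*"

if __name__ == "__main__":
    for label, fn in (("vulnerable", build_filter_vulnerable), ("escaped", build_filter_safe)):
        f = fn(PAYLOAD)
        print(f"{label:10} {f}  components={count_components(f)}")
```

The escaping is byte-oriented on purpose: RFC 4515 defines the `\XX` form per UTF-8 byte, so a multi-byte character is emitted as several escapes, which any conforming server decodes back to the original string.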
This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit. To run a free test of this vulnerability against your system, register now. |