Bugzilla < 3.6.13 / 4.0.10 / 4.2.5 / 4.4rc2 Multiple Vulnerabilities

medium Nessus Plugin ID 64878

Synopsis

The remote web server contains a CGI application that suffers from multiple vulnerabilities.

Description

According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities :

- A cross-site scripting vulnerability exists due to a flaw in the validation of the 'id' parameter upon submission of the 'show_bug.cgi' script. An attacker can leverage this to inject arbitrary HTML and script code in a user's browser to be executed within the security context of the affected site. Note that this affects versions 2.0 to 3.6.12, 3.7.1 to 4.0.9, 4.1.1 to 4.2.4, and 4.3.1 to 4.4rc1.
(CVE-2013-0785)

- An information leak issue exists when running a query in debug mode. This can lead to the display of the SQL query used to collect the data. Confidential information could be leaked in the SQL query that is displayed. Note that this affects versions 2.17.1 to 3.6.12, and 3.7.1 to 4.0.9. (CVE-2013-0786)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Bugzilla 3.6.13 / 4.0.10 / 4.2.5 / 4.4rc2 or later.

See Also

https://bugzilla.mozilla.org/show_bug.cgi?id=842038

http://www.bugzilla.org/security/3.6.12/

Plugin Details

Severity: Medium

ID: 64878

File Name: bugzilla_3_6_13.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 2/25/2013

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-0786

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Required KB Items: Settings/ParanoidReport, installed_sw/Bugzilla

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 2/19/2013

Vulnerability Publication Date: 12/23/2012

Reference Information

CVE: CVE-2013-0785, CVE-2013-0786

BID: 58001, 58060

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990