Fedora 12 : bugzilla-3.4.9-1.fc12 (2010-17235)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

The following security issues have been discovered in Bugzilla :

- There is a way to inject both headers and content to
users, causing a serious Cross-Site Scripting
vulnerability.

- It was possible to see graphs from Old Charts even if
you did not have access to a particular product, and you
could browse a particular URL to see all product names.

- YUI 2.8.1, which shipped with Bugzilla starting with
3.7.x, contained a security vulnerability. The version
of YUI shipped with Bugzilla 4.0rc1 and above has been
updated to 2.8.2.

These are tracked by CVE-2010-3764.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=649398
https://bugzilla.redhat.com/show_bug.cgi?id=649404
http://www.nessus.org/u?1dcada43

Solution :

Update the affected bugzilla package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 50594

Bugtraq ID: 44618

CVE ID: CVE-2010-3172
CVE-2010-3764
CVE-2010-4207
CVE-2010-4208
CVE-2010-4209
