Fedora 12 : bugzilla-3.4.9-1.fc12 (2010-17235)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote Fedora host is missing a security update.

Description :

The following security issues have been discovered in Bugzilla :

- There is a way to inject both headers and content to
users, causing a serious Cross-Site Scripting

- It was possible to see graphs from Old Charts even if
you did not have access to a particular product, and you
could browse a particular URL to see all product names.

- YUI 2.8.1, which shipped with Bugzilla starting with
3.7.x, contained a security vulnerability. The version
of YUI shipped with Bugzilla 4.0rc1 and above has been
updated to 2.8.2.

These are tracked by CVE-2010-3764.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :


Solution :

Update the affected bugzilla package.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 50594

Bugtraq ID: 44618

CVE ID: CVE-2010-3172
