FreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Bugzilla Security Advisory reports :

This advisory covers three security issues that have recently been
fixed in the Bugzilla code :

- A weakness in Bugzilla could allow a user to gain unauthorized
access to another Bugzilla account.

- A weakness in the Perl module allows injecting HTTP headers
and content to users via several pages in Bugzilla.

- If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's
'URL' field, then there are multiple situations in which Bugzilla will
unintentionally make that link clickable.

- Various pages lack protection against cross-site request forgeries.

All affected installations are encouraged to upgrade as soon as

See also :

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51670

Bugtraq ID: 25425

CVE ID: CVE-2010-0048
