This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A Bugzilla Security Advisory reports :
The following security issues have been discovered in Bugzilla :
- Due to a lack of validation of the enctype form attribute when
making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was
discovered. If a user visits an HTML page with some malicious HTML
code in it, an attacker could make changes to a remote Bugzilla
installation on behalf of the victim's account by using the XML-RPC
API on a site running mod_perl. Sites running under mod_cgi are not
affected. Also, the user would have had to be already logged in to the
target site for the vulnerability to work.
All affected installations are encouraged to upgrade as soon as
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.1