This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
A Bugzilla Security Advisory reports : The following security issues
have been discovered in Bugzilla :
Unauthorized Access : Due to a lack of proper validation of the
X-FORWARDED-FOR header of an authentication request, an attacker could
bypass the current lockout policy used for protection against
brute-force password discovery.
This vulnerability can only be exploited if the 'inbound_proxies'
buglist.cgi could be used by a malicious script to permit an attacker
to gain access to some information about bugs he would not normally be
allowed to see, using the victim's credentials. To be exploitable, the
victim must be logged in when visiting the attacker's malicious page.
All affected installations are encouraged to upgrade as soon as
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3