This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
A Bugzilla Security Advisory reports : The login form had no CSRF
protection, meaning that an attacker could force the victim to log in
using the attacker's credentials. If the victim then reports a new
security sensitive bug, the attacker would get immediate access to
Due to changes involved in the Bugzilla API, this fix is not
backported to the 4.0 and 4.2 branches, meaning that Bugzilla 4.0.12
and older, and 4.2.8 and older, will remain vulnerable to this issue.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.0