Bugzilla Authentication Bypass and Information Disclosure

Medium Nessus Network Monitor Plugin ID 2372

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote server is running Bugzilla, a bug tracking system. The remote installation of Bugzilla has a flaw that may allow an attacker to bypass authentication or gain access to private bug reports.

Solution

Upgrade to version 2.14.5, 2.16.2, 2.17.3 or higher.

See Also

http://www.bugzilla.org/security/2.16.6

Plugin Details

Severity: Medium

ID: 2372

File Name: 2372.prm

Family: CGI

Published: 2004/10/28

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 15562

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2004-1635, CVE-2004-1634

BID: 11511