Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities
Severity: High
Nessus Network Monitor Plugin ID 5169
Synopsis
The remote host is vulnerable to multiple attack vectors.
Description
The remote host is running Bugzilla, bug-tracking software with a web interface. The version of Bugzilla on the remote host is potentially affected by multiple flaws:
- A SQL injection vulnerability in the 'Bug.search' WebService function. (CVE-2009-3125)
- A SQL injection vulnerability in the 'Bug.create' WebService function. (CVE-2009-3165)
- When a user reset their password and then logged in immediately afterward, their password would appear in the URL of their browser. (CVE-2009-3166)
Solution
Upgrade to Bugzilla 3.0.9, 3.2.5, or 3.4.2.