Synopsis
The remote web server is hosting an application that is vulnerable to multiple attack vectors.
Description
The remote web server is hosting Bugzilla, a web-based bug tracking application.
Versions of Bugzilla 3.2.x earlier than 3.2.10, 3.4.x earlier than 3.4.10, and 3.6.x earlier than 3.6.4 are potentially affected by multiple vulnerabilities:
- A weakness could allow a user to gain unauthorized access to another Bugzilla account.
- A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages.
- Various pages lack protection against cross-site request forgeries.
Solution
Upgrade to Bugzilla 3.2.10, 3.4.10, 3.6.4 or later.