Bugzilla < 3.0.2 / 3.1.2 WebService/User.pm Authentication Bypass

Medium

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running Bugzilla, a bug-tracking application with a web interface. The version of Bugzilla on the remote host suffers from a flaw when parsing input to the 'createemailregexp' parameter of the 'offer_account_by_email()' function in the 'WebService/User.pm' file. An attacker exploiting this flaw would need to know that the SOAP::Lite Perl module was installed. Successful exploitation would allow the attacker to create arbitrary Bugzilla user accounts.

Solution

Upgrade to version 3.0.2, 3.1.2 or higher.