Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Bugzilla, a bug-tracking application with a web interface. The version of Bugzilla on the remote host is potentially affected by multiple flaws:

- A SQL injection vulnerability in the 'Bug.search' WebService function. (CVE-2009-3125)

- A SQL injection vulnerability in the 'Bug.create' WebService function. (CVE-2009-3165)

- When a user reset their password and then logged in immediately afterward, their password would appear in the URL of their browser. (CVE-2009-3166)

Solution

Upgrade to Bugzilla 3.0.9, 3.2.5, or 3.4.2.