Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Bugzilla < 3.2.7 / 3.4.7 / 3.6.1 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting Bugzilla, a web-based bug tracking application.

Versions of Bugzilla earlier than 3.2.7, 3.4.x earlier than 3.4.7, and 3.6.x earlier than 3.6.1 are potentially affected by multiple vulnerabilities :

- It is possible to determine time-tracking information for bugs through specially crafted search URLs. (CVE-2010-1204)

- If '$use_suexec' is set to '1' in the localconfig file, the localconfig file's permissions were set as world-readable by checksetup.pl. (CVE-2010-0180)

Solution

Upgrade to Bugzilla 3.2.7, 3.4.7, 3.6.1, or later.