Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1403

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1403
Last Modified 05 Sep 2008 04:26:27
Published 10 Sep 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1403

Summary

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.10

  • Mozilla Bugzilla 2.12

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8


References

REDHAT - RHSA-2001:107

BUGTRAQ - 20010829 Security Advisory for Bugzilla v2.13 and older

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=15980


Last Updated: 27 May 2016 10:36:39