Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0013
Last Modified 10 Sep 2008 08:05:22
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0013

Summary

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.14
  • Mozilla Bugzilla 2.14.1
  • Mozilla Bugzilla 2.14.2
  • Mozilla Bugzilla 2.14.3
  • Mozilla Bugzilla 2.14.4
  • Mozilla Bugzilla 2.16
  • Mozilla Bugzilla 2.16.1
  • Mozilla Bugzilla 2.17
  • Mozilla Bugzilla 2.17.1

References

DEBIAN - DSA-230

BUGTRAQ - 20030102 [BUGZILLA] Security Advisory - remote database password disclosure

BID - 6501

OSVDB - 6351

XF - bugzilla-htaccess-database-password(10970)


Last Updated: 27 May 2016 10:37:45