Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2003-1046
Last Modified: 05 Sep 2008 04:35:53
Published: 18 Aug 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-1046

Summary

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.10

  • Mozilla Bugzilla 2.12

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.14.2

  • Mozilla Bugzilla 2.14.3

  • Mozilla Bugzilla 2.14.4

  • Mozilla Bugzilla 2.14.5

  • Mozilla Bugzilla 2.16

  • Mozilla Bugzilla 2.16.1

  • Mozilla Bugzilla 2.16.2

  • Mozilla Bugzilla 2.16.3

  • Mozilla Bugzilla 2.17.1

  • Mozilla Bugzilla 2.17.3

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8


References

BID - 8953

XF - bugzilla-describecomponents-obtain-info(13602)

BUGTRAQ - 20031103 [BUGZILLA] Security Advisory - SQL injection, information leak

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=209742


Last Updated: 27 May 2016 10:38:09