Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1564

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1564
Last Modified 05 Sep 2008 04:49:28
Published 12 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1564

Summary

post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.10

  • Mozilla Bugzilla 2.12

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.14.2

  • Mozilla Bugzilla 2.14.3

  • Mozilla Bugzilla 2.14.4

  • Mozilla Bugzilla 2.14.5

  • Mozilla Bugzilla 2.16

  • Mozilla Bugzilla 2.16.1

  • Mozilla Bugzilla 2.16.2

  • Mozilla Bugzilla 2.16.3

  • Mozilla Bugzilla 2.16.4

  • Mozilla Bugzilla 2.16.5

  • Mozilla Bugzilla 2.17

  • Mozilla Bugzilla 2.17.1

  • Mozilla Bugzilla 2.17.3

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.17.5

  • Mozilla Bugzilla 2.17.6

  • Mozilla Bugzilla 2.17.7

  • Mozilla Bugzilla 2.18

  • Mozilla Bugzilla 2.19.1

  • Mozilla Bugzilla 2.19.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=287109

OSVDB - 16426

CONFIRM - http://www.bugzilla.org/security/2.16.8/

SECUNIA - 15338

BUGTRAQ - 20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8

XF - bugzilla-postbug-weak-security(42797)


Last Updated: 27 May 2016 10:40:12