Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3139

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3139
Last Modified 07 Mar 2011 09:25:51
Published 05 Oct 2005 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3139

Summary

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.19.1

  • Mozilla Bugzilla 2.19.2

  • Mozilla Bugzilla 2.19.3

  • Mozilla Bugzilla 2.20

  • Mozilla Bugzilla 2.21


References

BID - 14996

CONFIRM - http://www.bugzilla.org/security/2.18.4/

SECUNIA - 17030

BUGTRAQ - 20051001 Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21

XF - bugzilla-usevisibilitygroup-info-disclosure(42799)


Last Updated: 27 May 2016 10:40:48