Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.5
CVE Id: CVE-2006-0914
Last Modified: 07 Mar 2011 09:31:04
Published: 28 Feb 2006 06:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2006-0914

Summary

Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.16.10

  • Mozilla Bugzilla 2.17

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.17.5

  • Mozilla Bugzilla 2.17.6

  • Mozilla Bugzilla 2.17.7

  • Mozilla Bugzilla 2.18

  • Mozilla Bugzilla 2.18.1

  • Mozilla Bugzilla 2.18.2

  • Mozilla Bugzilla 2.18.3

  • Mozilla Bugzilla 2.18.4

  • Mozilla Bugzilla 2.20


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=312498

XF - bugzilla-duplicates-sql-injection(42802)

VUPEN - ADV-2006-0692

BUGTRAQ - 20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4


Last Updated: 27 May 2016 10:41:50