Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-0916
Last Modified: 07 Mar 2011 09:31:04
Published: 28 Feb 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-0916

Summary

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.19.3

  • Mozilla Bugzilla 2.20

  • Mozilla Bugzilla 2.21

  • Mozilla Bugzilla 2.21.1

  • Mozilla Bugzilla 2.21.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=325079

XF - bugzilla-login-data-redirection(24821)

VUPEN - ADV-2006-0692

BID - 16745

BUGTRAQ - 20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4

SECUNIA - 18979

SREASON - 464


Last Updated: 27 May 2016 10:41:50