Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4539
Last Modified 07 Mar 2011 09:58:44
Published 27 Aug 2007 05:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4539

Summary

The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.23.3

  • Mozilla Bugzilla 2.23.4

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8

  • Mozilla Bugzilla 2.9

  • Mozilla Bugzilla 3.0.0


References

BID - 25425

SECUNIA - 26584

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=382056

VUPEN - ADV-2007-2977

CONFIRM - http://www.bugzilla.org/security/2.20.4/

OSVDB - 37202

XF - bugzilla-xmlrpc-information-disclosure(36244)

SECTRACK - 1018604

BUGTRAQ - 20070823 Security Advisory for Bugzilla 3.0, 2.22.1, and 2.20.4

GENTOO - GLSA-200709-18

SECUNIA - 26971


Last Updated: 27 May 2016 10:45:54