Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-5038
Last Modified: 07 Mar 2011 09:59:58
Published: 23 Sep 2007 08:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5038

Summary

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Vulnerable Systems

Application

  • Mozilla Bugzilla 3.0.0

  • Mozilla Bugzilla 3.0.1

  • Mozilla Bugzilla 3.1.0

  • Mozilla Bugzilla 3.1.1


References

CONFIRM - http://www.bugzilla.org/security/3.0.1/

SECUNIA - 26848

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=395632

VUPEN - ADV-2007-3200

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=299981

XF - bugzilla-offeraccount-security-bypass(36692)

SECTRACK - 1018719

BID - 25725

BUGTRAQ - 20070919 Security Advisory for Bugzilla 3.0.1 and 3.1.1

SECUNIA - 26969

FEDORA - FEDORA-2007-2299


Last Updated: 27 May 2016 10:46:02