Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.1
CVE Id: CVE-2008-4437
Last Modified: 07 Mar 2011 10:12:27
Published: 03 Oct 2008 06:22:45
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4437

Summary

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.22.1

  • Mozilla Bugzilla 2.22.2

  • Mozilla Bugzilla 2.22.3

  • Mozilla Bugzilla 2.22.4

  • Mozilla Bugzilla 2.23

  • Mozilla Bugzilla 2.23.1

  • Mozilla Bugzilla 2.23.2

  • Mozilla Bugzilla 2.23.3

  • Mozilla Bugzilla 2.23.4

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8

  • Mozilla Bugzilla 2.9

  • Mozilla Bugzilla 3.0.2

  • Mozilla Bugzilla 3.1.1

  • Mozilla Bugzilla 3.1.2

  • Mozilla Bugzilla 3.1.3

  • Mozilla Bugzilla 3.1.4


References

BID - 30661

FEDORA - FEDORA-2009-2417

FEDORA - FEDORA-2009-2418

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=437169

XF - bugzilla-importxml-directory-traversal(44407)

VUPEN - ADV-2008-2344

SECTRACK - 1020668

CONFIRM - http://www.bugzilla.org/security/2.22.4/

SECUNIA - 34361

SECUNIA - 31444


Last Updated: 27 May 2016 10:48:30