Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6098

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2008-6098
Last Modified 25 Mar 2009 01:48:21
Published 09 Feb 2009 01:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6098

Summary

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.17.5

  • Mozilla Bugzilla 2.17.6

  • Mozilla Bugzilla 2.17.7

  • Mozilla Bugzilla 2.18

  • Mozilla Bugzilla 2.18.1

  • Mozilla Bugzilla 2.18.2

  • Mozilla Bugzilla 2.18.3

  • Mozilla Bugzilla 2.18.4

  • Mozilla Bugzilla 2.18.5

  • Mozilla Bugzilla 2.18.6

  • Mozilla Bugzilla 2.18.7

  • Mozilla Bugzilla 2.18.8

  • Mozilla Bugzilla 2.18.9

  • Mozilla Bugzilla 2.19

  • Mozilla Bugzilla 2.19.1

  • Mozilla Bugzilla 2.19.2

  • Mozilla Bugzilla 2.19.3

  • Mozilla Bugzilla 2.20

  • Mozilla Bugzilla 2.20.1

  • Mozilla Bugzilla 2.20.2

  • Mozilla Bugzilla 2.20.3

  • Mozilla Bugzilla 2.20.4

  • Mozilla Bugzilla 2.20.5

  • Mozilla Bugzilla 2.20.6

  • Mozilla Bugzilla 2.21

  • Mozilla Bugzilla 2.21.1

  • Mozilla Bugzilla 2.21.2

  • Mozilla Bugzilla 2.22

  • Mozilla Bugzilla 2.22.1

  • Mozilla Bugzilla 2.22.2

  • Mozilla Bugzilla 2.22.3

  • Mozilla Bugzilla 2.22.4

  • Mozilla Bugzilla 2.22.5

  • Mozilla Bugzilla 2.22.6

  • Mozilla Bugzilla 2.23

  • Mozilla Bugzilla 2.23.1

  • Mozilla Bugzilla 2.23.2

  • Mozilla Bugzilla 2.23.3

  • Mozilla Bugzilla 2.23.4

  • Mozilla Bugzilla 3.0 Rc1

  • Mozilla Bugzilla 3.0.0

  • Mozilla Bugzilla 3.0.1

  • Mozilla Bugzilla 3.0.2

  • Mozilla Bugzilla 3.0.3

  • Mozilla Bugzilla 3.0.4

  • Mozilla Bugzilla 3.0.5

  • Mozilla Bugzilla 3.0.6

  • Mozilla Bugzilla 3.0.7

  • Mozilla Bugzilla 3.1.0

  • Mozilla Bugzilla 3.1.1

  • Mozilla Bugzilla 3.1.2

  • Mozilla Bugzilla 3.1.3

  • Mozilla Bugzilla 3.1.4

  • Mozilla Bugzilla 3.2

  • Mozilla Bugzilla 3.2.1

  • Mozilla Bugzilla 3.3.1

  • Mozilla Bugzilla 3.3.2


References

FEDORA - FEDORA-2009-2417

FEDORA - FEDORA-2009-2418

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=449931

XF - bugzilla-quips-security-bypass(46424)

BID - 32178

CONFIRM - http://www.bugzilla.org/security/2.20.6/

SECUNIA - 34361

SECUNIA - 32501


Last Updated: 27 May 2016 10:49:04