Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2979
Last Modified 25 Oct 2011 11:00:32
Published 09 Aug 2011 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2979

Summary

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.

Vulnerable Systems

Application

  • Mozilla Bugzilla 4.1

  • Mozilla Bugzilla 4.1.1

  • Mozilla Bugzilla 4.1.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=674497

XF - bugzilla-queries-info-disclosure(69166)

BID - 49042

OSVDB - 74299

OSVDB - 74298

DEBIAN - DSA-2322

CONFIRM - http://www.bugzilla.org/security/3.4.11/

SECUNIA - 45501


Last Updated: 27 May 2016 10:57:14