CVE-2006-5454

high

Description

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=346564

https://bugzilla.mozilla.org/show_bug.cgi?id=346086

http://www.vupen.com/english/advisories/2006/4035

http://www.securityfocus.com/bid/20538

http://www.securityfocus.com/archive/1/448777/100/100/threaded

http://www.osvdb.org/29547

http://www.osvdb.org/29546

http://www.bugzilla.org/security/2.18.5/

http://securitytracker.com/id?1017064

http://securityreason.com/securityalert/1760

http://security.gentoo.org/glsa/glsa-200611-04.xml

http://secunia.com/advisories/22790

http://secunia.com/advisories/22409

Details

Source: Mitre, NVD

Published: 2006-10-23

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High