Detections
Analytics
Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)
medium Nessus Plugin ID 13635
Language:
Synopsis
The remote web server contains a CGI application that suffers from multiple flaws.Description
The remote Bugzilla bug tracking system, according to its version number, is vulnerable to various flaws :- An administrator may be able to execute arbitrary SQL commands on the remote host.
- There are instances of information leaks that may let an attacker know the database password (under certain circumstances, 2.17.x only) or obtain the names of otherwise hidden products.
- A user with grant membership privileges may escalate his privileges and belong to another group.
- There is a cross-site scripting issue in the administrative web interface.
- Users passwords may be embedded in URLs (2.17.x only).
- Several information leaks exist that may allow users to determine the names of other users and non-users to obtain a list of products, including those that administrators might want to keep confidential.
Solution
Upgrade to 2.16.6 or 2.20 or later.See Also
Plugin Details
Severity: Medium
ID: 13635
File Name: bugzilla_multiple_vulns.nasl
Version: 1.31
Type: remote
Family: CGI abuses
Published: 7/13/2004
Updated: 4/7/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:mozilla:bugzilla
Required KB Items: Settings/ParanoidReport, installed_sw/Bugzilla
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 2/22/2004
Reference Information
CVE: CVE-2004-0702, CVE-2004-0703, CVE-2004-0704, CVE-2004-0705, CVE-2004-0706, CVE-2004-0707
BID: 10698