Bugzilla < 3.6.11 / 4.0.8 / 4.2.3 / 4.3.3 Multiple Vulnerabilities

medium Nessus Plugin ID 62074

Synopsis

The remote web server contains a CGI application that suffers from multiple vulnerabilities.

Description

According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities:

- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP injection. Note that this affects versions 2.12 to 3.6.10, 3.7.1 to 4.0.7, 4.1.1 to 4.2.2, and 4.3.1 to 4.3.2. (CVE-2012-3981)

- Extensions are not protected against directory browsing and users can access the source code of the templates which may contain sensitive data. Note that this affects versions 2.23.2 to 3.6.10, 3.7.1 to 4.0.7, 4.1.1 to 4.2.2, and 4.3.1 to 4.3.2. (CVE-2012-4747)
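
The first issue above (CVE-2012-3981) comes down to interpolating a raw username into a uid= filter. The Python example below is added here for illustration; it is not Bugzilla's own code (Bugzilla is written in Perl) and not part of the original advisory. It contrasts that pattern with RFC 4515 assertion-value escaping; the function names and sample usernames are constructed for the example.

```python
import re

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so an LDAP server treats it purely as data."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def unsafe_filter(username: str) -> str:
    """The pattern the advisory describes: raw interpolation into uid=..."""
    return "(uid=" + username + ")"


def safe_filter(username: str) -> str:
    """Same filter, with the username escaped before interpolation."""
    return "(uid=" + escape_filter_value(username) + ")"


def has_filter_metachar(assertion_value: str) -> bool:
    """True if the value still contains characters parsed as filter syntax."""
    # Drop well-formed \XX escapes, then look for anything left unescaped.
    remainder = re.sub(r"\\[0-9a-fA-F]{2}", "", assertion_value)
    return bool(re.search(r"[\\*()\x00]", remainder))


# Constructed sample usernames (not taken from the advisory).
SAMPLES = ["alice", "a*", "smith (contractor)", "dom\\user"]


def audit(samples):
    """For each name: (name, raw value has metachar, escaped value has metachar)."""
    rows = []
    for name in samples:
        raw = unsafe_filter(name)[5:-1]   # strip the "(uid=" prefix and ")" suffix
        esc = safe_filter(name)[5:-1]
        rows.append((name, has_filter_metachar(raw), has_filter_metachar(esc)))
    return rows


if __name__ == "__main__":
    for name, raw_bad, esc_bad in audit(SAMPLES):
        print(f"{name!r:22} raw={raw_bad!s:5} escaped={esc_bad!s:5} -> {safe_filter(name)}")
```
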

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Bugzilla 3.6.11 / 4.0.8 / 4.2.3 / 4.3.3 or later. Note that a patch for CVE-2012-4747 may not have been ported to all branches of Bugzilla. Please refer to the URL listed under See Also for available patches and solutions.

See Also

http://www.bugzilla.org/security/3.6.10/

Plugin Details

Severity: Medium

ID: 62074

File Name: bugzilla_3_6_11.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 9/13/2012

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-4747

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Required KB Items: installed_sw/Bugzilla, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 8/30/2012

Vulnerability Publication Date: 8/30/2012

Reference Information

CVE: CVE-2012-3981, CVE-2012-4747

BID: 55349