Vulnerability Name: CVE-2002-0809 (CCN-10141)
Assigned: 2002-06-08
Published: 2002-06-08
Updated: 2008-09-05
Summary: Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
  Source: CCN Type: FreeBSD Security Notice FreeBSD-SN-02:05 security issues in ports
  Source: BUGTRAQ Type: Patch, Vendor Advisory 20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
  Source: CCN Type: BugTraq Mailing List, Sat Jun 08 2002 - 01:50:12 CDT [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
  Source: CCN Type: Bugzilla Web site Bug 148674 - Boolean Charts don't work in Netpositive because '-' is sent as '%2D'
  Source: CONFIRM Type: UNKNOWN http://bugzilla.mozilla.org/show_bug.cgi?id=148674
  Source: MITRE Type: CNA CVE-2002-0809
  Source: CCN Type: RHSA-2002-109 Updated bugzilla packages fix security issues
  Source: XF Type: UNKNOWN bugzilla-group-permissions-removal(10141)
  Source: CCN Type: OSVDB ID: 6398 Bugzilla Hex Encoded Request Information Disclosure
  Source: REDHAT Type: UNKNOWN RHSA-2002:109
  Source: BID Type: UNKNOWN 4964
  Source: CCN Type: BID-4964 Multiple Bugzilla Security Vulnerabilities
Vulnerable Configuration: Configuration 1: Configuration CCN 1: