Vulnerability Name: CVE-2003-0013 (CCN-10970)
Assigned: 2003-01-02
Published: 2003-01-02
Updated: 2016-10-18
Summary: The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
  Source: CCN Type: Bugzilla Bug 186383 Checksetup leaves editor backups of localconfig accessible
  Source: MITRE Type: CNA CVE-2003-0013
  Source: BUGTRAQ Type: UNKNOWN 20030102 [BUGZILLA] Security Advisory - remote database password disclosure
  Source: CCN Type: Bugzilla Security Advisory, January 2nd, 2003 remote database password disclosure
  Source: DEBIAN Type: Patch, Vendor Advisory DSA-230
  Source: DEBIAN Type: DSA-230 bugzilla -- insecure permissions
  Source: XF Type: UNKNOWN bugzilla-htaccess-database-password(10970)
  Source: OSVDB Type: UNKNOWN 6351
  Source: CCN Type: OSVDB ID: 6351 Bugzilla .htaccess Backup File Protection Failure
  Source: BID Type: UNKNOWN 6501
  Source: CCN Type: BID-6501 Bugzilla LocalConfig Backup File Disclosure Vulnerability
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable