| Vulnerability Name: | CVE-2005-1563 (CCN-20584) |
| Assigned: | 2005-05-12 |
| Published: | 2005-05-12 |
| Updated: | 2016-10-18 |
| Summary: | Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: CCN
Type: BugTraq Mailing List, Thu May 12 2005 - 07:23:49 CDT
Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8
Source: MITRE
Type: CNA
CVE-2005-1563
Source: CONECTIVA
Type: UNKNOWN
CLSA-2005:1040
Source: BUGTRAQ
Type: UNKNOWN
20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8
Source: CCN
Type: SA15338
Bugzilla Two Information Disclosure Weaknesses
Source: SECUNIA
Type: Patch, Vendor Advisory
15338
Source: CCN
Type: Bugzilla Web site
Bugzilla
Source: CCN
Type: Bugzilla Download Web page
Download
Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.bugzilla.org/security/2.16.8/
Source: OSVDB
Type: Patch, Vendor Advisory
16425
Source: CCN
Type: OSVDB ID: 16425
Bugzilla Product Name Enumeration
Source: BID
Type: UNKNOWN
13606
Source: CCN
Type: BID-13606
Bugzilla Hidden Product Information Disclosure Vulnerability
Source: VUPEN
Type: UNKNOWN
ADV-2005-0533
Source: CCN
Type: Bugzilla Bug 287109
Names of private products/components can be exposed on certain CGIs
Source: CONFIRM
Type: Patch, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=287109
Source: XF
Type: UNKNOWN
bugzilla-product-information-disclosure(20584)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |