| Vulnerability Name: | CVE-2005-1565 (CCN-20586) |
| Assigned: | 2005-05-12 |
| Published: | 2005-05-12 |
| Updated: | 2016-10-18 |
| Summary: | Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: CCN
Type: BugTraq Mailing List, Thu May 12 2005 - 07:23:49 CDT
Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8
Source: MITRE
Type: CNA
CVE-2005-1565
Source: CONECTIVA
Type: UNKNOWN
CLSA-2005:1040
Source: BUGTRAQ
Type: UNKNOWN
20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8
Source: CCN
Type: SA15338
Bugzilla Two Information Disclosure Weaknesses
Source: SECUNIA
Type: Exploit, Patch, Vendor Advisory
15338
Source: CCN
Type: Bugzilla Web site
Bugzilla
Source: CCN
Type: Bugzilla Download Web page
Download
Source: OSVDB
Type: Exploit, Patch, Vendor Advisory
16427
Source: CCN
Type: OSVDB ID: 16427
Bugzilla URI Web Log Password Disclosure
Source: BID
Type: UNKNOWN
13605
Source: CCN
Type: BID-13605
Bugzilla Authentication Information Disclosure Vulnerability
Source: VUPEN
Type: UNKNOWN
ADV-2005-0533
Source: CCN
Type: Bugzilla Bug 287436
After having logged in, links to change the report type contain username and password
Source: CONFIRM
Type: Exploit, Patch, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=287436
Source: XF
Type: UNKNOWN
bugzilla-password-username-disclosure(20586)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*OR cpe:/a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |