| Vulnerability Name: | CVE-2006-0916 (CCN-24821) | ||||||||
| Assigned: | 2006-02-20 | ||||||||
| Published: | 2006-02-20 | ||||||||
| Updated: | 2018-10-18 | ||||||||
| Summary: | Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-0916 Source: CCN Type: SA18979 Bugzilla Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 18979 Source: SREASON Type: UNKNOWN 464 Source: CCN Type: Bugzilla Security Advisory February 20, 2006 2.18.4, 2.20, and 2.21.1 Security Advisory Source: CCN Type: OSVDB ID: 23380 Bugzilla Crafted Login URL Credential Disclosure Source: BUGTRAQ Type: UNKNOWN 20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4 Source: BID Type: Vendor Advisory 16745 Source: CCN Type: BID-16745 Bugzilla User Credentials Information Disclosure Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-0692 Source: CCN Type: Mozilla Bugzilla Bug 325079 The login form on the Bugzilla home page may redirect your login and password to another site Source: CONFIRM Type: Patch, Vendor Advisory https://bugzilla.mozilla.org/show_bug.cgi?id=325079 Source: XF Type: UNKNOWN bugzilla-login-data-redirection(24821) Source: XF Type: UNKNOWN bugzilla-login-data-redirection(24821) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||