Vulnerability Name: CVE-2006-5454 (CCN-29613)
Assigned: 2006-10-15
Published: 2006-10-15
Updated: 2018-10-17
Summary: Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi. This vulnerability is addressed in the following product release: Mozilla, Bugzilla, 2.18.6; Mozilla, Bugzilla, 2.20.3; Mozilla, Bugzilla, 2.22.1; Mozilla, Bugzilla, 2.23.3
CVSS v3 Severity:
- 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
- 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
- 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
- 3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
- Source: CCN Type: BugTraq Mailing List, Sun Oct 15 2006 - 05:02:20 CDT Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2
- Source: MITRE Type: CNA CVE-2006-5454
- Source: CCN Type: SA22409 Bugzilla Multiple Vulnerabilities
- Source: SECUNIA Type: UNKNOWN 22409
- Source: SECUNIA Type: UNKNOWN 22790
- Source: GENTOO Type: UNKNOWN GLSA-200611-04
- Source: SREASON Type: UNKNOWN 1760
- Source: CCN Type: SECTRACK ID: 1017064 Bugzilla Discloses Attachment Description and `Deadline` Field to Remote Users
- Source: SECTRACK Type: Patch 1017064
- Source: CCN Type: Bugzilla Web site 2.18.5, 2.20.2, 2.22, and 2.23.2 Security Advisory
- Source: CONFIRM Type: UNKNOWN http://www.bugzilla.org/security/2.18.5/
- Source: CCN Type: GLSA-200611-04 Bugzilla: Multiple Vulnerabilities
- Source: OSVDB Type: UNKNOWN 29546
- Source: OSVDB Type: UNKNOWN 29547
- Source: CCN Type: OSVDB ID: 29546 Bugzilla Attachment Diff Private Description Disclosure
- Source: CCN Type: OSVDB ID: 29547 Bugzilla XML Format Deadline Field Disclosure
- Source: BUGTRAQ Type: UNKNOWN 20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2
- Source: BID Type: UNKNOWN 20538
- Source: CCN Type: BID-20538 Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities
- Source: VUPEN Type: UNKNOWN ADV-2006-4035
- Source: CONFIRM Type: Patch https://bugzilla.mozilla.org/show_bug.cgi?id=346086
- Source: CONFIRM Type: Patch https://bugzilla.mozilla.org/show_bug.cgi?id=346564
- Source: XF Type: UNKNOWN bugzilla-diff-mode-information-disclosure(29613)
Vulnerable Configuration: Configuration 1: Configuration CCN 1:

Vulnerability Name: CVE-2006-5454 (CCN-29614)
Assigned: 2006-10-15
Published: 2006-10-15
Updated: 2018-10-17
Summary: This vulnerability is addressed in the following product release: Mozilla, Bugzilla, 2.18.6; Mozilla, Bugzilla, 2.20.3; Mozilla, Bugzilla, 2.22.1; Mozilla, Bugzilla, 2.23.3
CVSS v3 Severity:
- 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
- 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
- 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
- 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
- Source: CCN Type: BugTraq Mailing List, Sun Oct 15 2006 - 05:02:20 CDT Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2
- Source: MITRE Type: CNA CVE-2006-5454
- Source: CCN Type: SA22409 Bugzilla Multiple Vulnerabilities
- Source: CCN Type: SECTRACK ID: 1017064 Bugzilla Discloses Attachment Description and `Deadline` Field to Remote Users
- Source: CCN Type: Bugzilla Web site 2.18.5, 2.20.2, 2.22, and 2.23.2 Security Advisory
- Source: CCN Type: GLSA-200611-04 Bugzilla: Multiple Vulnerabilities
- Source: CCN Type: OSVDB ID: 29546 Bugzilla Attachment Diff Private Description Disclosure
- Source: CCN Type: OSVDB ID: 29547 Bugzilla XML Format Deadline Field Disclosure
- Source: CCN Type: BID-20538 Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities
- Source: XF Type: UNKNOWN bugzilla-deadline-information-disclosure(29614)