HomePentest-Tools.com Logo

Bugzilla LDAP Code Injection And Security Bypass Vulnerabilities CVE-2012-4747CVE-2012-3981

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Bugzilla is prone to code injection and security bypass vulnerabilities.

Risk description

The flaws are due to - When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP injection. - Extensions are not protected against directory browsing and users can access the source code of the templates which may contain sensitive data. Successful exploitation will allow remote attackers to gain sensitive information and bypass security restriction on the affected site.

Recommendation

Upgrade to Bugzilla version 4.0.8, 4.2.3, 4.3.3 or higher.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 4, 2012
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available