Security News > 2015 > September > Critical Bugzilla flaw allows access to unpatched vulnerability information (Help Net Security)
2015-09-18 08:46
Mozilla has patched a critical vulnerability (CVE-2015-4499) in its popular open source bug-tracking Bugzilla software - a vulnerability that can be exploited by attackers to gain access to informatio...
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/buq1krkpU5M/secworld.php
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Setting a security standard: From vulnerability to exposure management (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Major security audit of critical FreeBSD components now available (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-14 | CVE-2015-4499 | Improper Input Validation vulnerability in Mozilla Bugzilla Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | 0.0 |