Vulnerabilities > CVE-2002-0007 - Authentication Bypass vulnerability in BugZilla LDAP

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

mozilla

critical

NVD

Published: 2002-01-31

Updated: 2017-10-10

Summary

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Bugzilla - Mozilla Bugzilla 2.0 Mozilla Bugzilla 2.2 Mozilla Bugzilla 2.4 Mozilla Bugzilla 2.6 Mozilla Bugzilla 2.8 Mozilla Bugzilla 2.9 Mozilla Bugzilla 2.10 Mozilla Bugzilla 2.12 Mozilla Bugzilla 2.14 Mozilla Bugzilla 2.14.1	11

Redhat

advisories

rhsa

id	RHSA-2002:001

References

http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
http://bugzilla.mozilla.org/show_bug.cgi?id=54901
http://rhn.redhat.com/errata/RHSA-2002-001.html
http://www.bugzilla.org/security2_14_1.html
http://www.securityfocus.com/bid/3792
https://exchange.xforce.ibmcloud.com/vulnerabilities/7812