Vulnerabilities > CVE-2002-0008 - Unspecified vulnerability in Mozilla Bugzilla
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Redhat
| advisories |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=108385
- http://bugzilla.mozilla.org/show_bug.cgi?id=108385
- http://bugzilla.mozilla.org/show_bug.cgi?id=108516
- http://bugzilla.mozilla.org/show_bug.cgi?id=108516
- http://rhn.redhat.com/errata/RHSA-2002-001.html
- http://rhn.redhat.com/errata/RHSA-2002-001.html
- http://www.bugzilla.org/security2_14_1.html
- http://www.bugzilla.org/security2_14_1.html
- http://www.iss.net/security_center/static/7804.php
- http://www.iss.net/security_center/static/7804.php
- http://www.iss.net/security_center/static/7805.php
- http://www.iss.net/security_center/static/7805.php
- http://www.securityfocus.com/bid/3793
- http://www.securityfocus.com/bid/3793
- http://www.securityfocus.com/bid/3794
- http://www.securityfocus.com/bid/3794