Vulnerabilities > CVE-2003-1046 - Multiple vulnerability in Bugzilla

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mozilla

nessus

NVD

Published: 2004-08-18

Updated: 2017-07-11

Summary

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Bugzilla 2.4 Mozilla Bugzilla 2.6 Mozilla Bugzilla 2.8 Mozilla Bugzilla 2.10 Mozilla Bugzilla 2.12 Mozilla Bugzilla 2.14 Mozilla Bugzilla 2.14.1 Mozilla Bugzilla 2.14.2 Mozilla Bugzilla 2.14.3 Mozilla Bugzilla 2.14.4 Mozilla Bugzilla 2.14.5 Mozilla Bugzilla 2.16 Mozilla Bugzilla 2.16.1 Mozilla Bugzilla 2.16.2 Mozilla Bugzilla 2.16.3 Mozilla Bugzilla 2.17.1 Mozilla Bugzilla 2.17.3 Mozilla Bugzilla 2.17.4	18

Nessus

NASL family	CGI abuses
NASL id	BUGZILLA_SQL_VULNS.NASL
description	According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential.
last seen	2020-06-01
modified	2020-06-02
plugin id	11917
published	2003-11-05
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11917
title	Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)

Summary

Vulnerable Configurations

Nessus

References