Vulnerabilities > CVE-2007-0792 - Unspecified vulnerability in Mozilla Bugzilla 2.23.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mozilla

NVD

Published: 2007-02-06

Updated: 2018-10-16

Summary

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Bugzilla 2.23.3	1

References

http://www.bugzilla.org/security/2.20.3/
http://www.securityfocus.com/bid/22380
http://securitytracker.com/id?1017585
http://securityreason.com/securityalert/2222
http://osvdb.org/35862
http://www.vupen.com/english/advisories/2007/0477
https://exchange.xforce.ibmcloud.com/vulnerabilities/32252
http://www.securityfocus.com/archive/1/459025/100/0/threaded