Summary
Bugzilla is prone to an information-disclosure vulnerability.
Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
This issue affects the following:
Bugzilla 3.3.1 through 3.4.4 Bugzilla 3.5.1 Bugzilla 3.5.2
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
-
CVE CVE-2009-3387 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Struts Cross Site Scripting Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability