Summary
This host is running Bugzilla and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to search for bugs that were reported by users belonging to one or more groups.
Impact Level: Application
Solution
Upgrade to Bugzilla version 3.2.8, 3.4.8, 3.6.2 or 3.7.3. For updates, refer to http://www.bugzilla.org/download/
Insight
The flaw is due to an error in 'Search.pm' which allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
Affected
Bugzilla 2.19.1 to 3.2.7, 3.3.1 to 3.4.7, 3.5.1 to 3.6.1 and 3.7 to 3.7.2
References
Severity
Classification
CVE: CVE-2010-2756
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N