Summary
This host is running Bugzilla and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to read sensitive configuration fields.
Impact Level: Application
Solution
Upgrade to Bugzilla 3.7.2 or later.
For updates refer to http://www.bugzilla.org/download/
Insight
The flaw is due to an error in 'install/Filesystem.pm', which uses world-readable permissions within 'bzr/' and 'data/webdot/'.
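Added example (not part of the original advisory or of Bugzilla's code): a local check that lists anything under 'bzr/' and 'data/webdot/' granting permissions to other users, which is the condition described above. The function names and the install root argument are assumptions.

```shell
#!/bin/sh
# Added example: audit the two directories named in the advisory.
# The Bugzilla install root is passed as $1 (an assumption; use your own path).

# Print every file or directory under bzr/ and data/webdot/ whose mode
# grants read, write or execute to "other". Prints nothing when clean.
list_world_accessible() {
    root=$1
    for sub in bzr data/webdot; do
        dir="$root/$sub"
        [ -d "$dir" ] || continue
        # Symlinks always show mode 0777, so skip them to avoid false hits.
        find "$dir" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Exit status: 0 = clean, 1 = findings printed, 2 = bad argument.
audit_bugzilla_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    hits=$(list_world_accessible "$root")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | while IFS= read -r path; do
            mode=$(ls -ld "$path" | cut -d' ' -f1)
            printf 'WORLD-ACCESSIBLE %s %s\n' "$mode" "$path"
        done
        return 1
    fi
    echo "OK: no world-accessible entries under bzr/ or data/webdot/"
    return 0
}

# Run the audit only when a path is given on the command line.
[ "$#" -eq 0 ] || audit_bugzilla_perms "$1"
```
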
Affected
Bugzilla versions 3.5.1 to 3.6.1 and 3.7 through 3.7.1.
References
Severity
Classification
CVE: CVE-2010-2470
CVSS Base Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N