Bugzilla 'localconfig' Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Bugzilla and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to read sensitive configuration fields. Impact Level: Application

Solution

Upgrade to Bugzilla version 3.6.1, 3.7.1 or later, For updates refer to http://www.bugzilla.org/download/

Insight

The flaw is due to an error in 'install/Filesystem.pm', which uses world readable permissions for the localconfig files via the database password field and the site_wide_secret field.

Affected

Bugzilla version 3.5.1 to 3.6 and 3.7

References

http://secunia.com/advisories/40300
http://www.bugzilla.org/security/3.2.6/
http://www.vupen.com/english/advisories/2010/1595
https://bugzilla.mozilla.org/show_bug.cgi?id=561797

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0180
CVSS Base Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CgiMail.exe vulnerability
Nikto (NASL wrapper)
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
Mailman Detection
MediaWiki Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities