
Test ID: 1.3.6.1.4.1.25623.1.0.892672
Category: Web application abuses
Title: Bugzilla LDAP Code Injection And Security Bypass Vulnerabilities
Summary: The host is running Bugzilla and is prone to code injection and security bypass vulnerabilities.
Description: Summary:
The host is running Bugzilla and is prone to code injection and security
bypass vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is
used to query the LDAP directory. This could potentially lead to LDAP injection.

- Extensions are not protected against directory browsing and users can access the source code of the templates
which may contain sensitive data.
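
The mitigation for the first flaw, as an added example (Python, not Bugzilla's own Perl code): the username is escaped per RFC 4515 before it is placed into the uid= filter, and the finished filter is checked to still be a single equality match. The usernames below are constructed sample values.

```python
"""RFC 4515 escaping for a uid=<username> LDAP lookup.

Added example, not Bugzilla's own code. The flaw described above is that the
username is interpolated into "uid=$username" unescaped; here every filter
metacharacter in the username is encoded so it is matched literally.
"""

# RFC 4515 section 3: these characters inside an assertion value must be
# written as a backslash followed by two hex digits. NUL is included as well.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Encode an assertion value so it cannot change the filter structure."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter(username: str) -> str:
    """Build the uid lookup filter with the username treated as a literal."""
    return f"(uid={escape_ldap_filter_value(username)})"


def filter_is_single_equality(ldap_filter: str) -> bool:
    """Defensive check: exactly one unescaped '(' / ')' pair, balanced,
    i.e. the filter is still one equality match and nothing was appended."""
    depth, opens, i = 0, 0, 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":
            i += 3  # skip a \XX escape sequence as a unit
            continue
        if ch == "(":
            opens += 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return opens == 1 and depth == 0


if __name__ == "__main__":
    for name in ("jdoe", "jane*", "(jane)"):  # constructed sample usernames
        f = build_uid_filter(name)
        print(f"{name!r:10} -> {f}  single-equality={filter_is_single_equality(f)}")
```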

Vulnerability Impact:
Successful exploitation will allow remote attackers to gain sensitive
information and bypass security restrictions on the affected site.

Affected Software/OS:
Bugzilla 2.x and 3.x to 3.6.11, 3.7.x and 4.0.x to 4.0.7, 4.1.x and 4.2.x
to 4.2.2, and 4.3.x to 4.3.2

Solution:
Upgrade to Bugzilla version 4.0.8, 4.2.3, 4.3.3 or higher.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-reference: BugTraq ID: 55349
Common Vulnerability Exposure (CVE) ID: CVE-2012-4747
Common Vulnerability Exposure (CVE) ID: CVE-2012-3981
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=785112
http://osvdb.org/85072
XForce ISS Database: bugzilla-ldap-data-manipulation(78193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78193
Copyright: Copyright (c) 2012 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.