[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97389

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-3981

Date: (C)2012-09-04   (M)2017-08-29
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE











Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt.

Reference:
OSVDB-85072
MDVSA-2013:066
bugzilla-ldap-data-manipulation(78193)
http://www.bugzilla.org/security/3.6.10/
https://bugzilla.mozilla.org/show_bug.cgi?id=785112
https://bugzilla.mozilla.org/show_bug.cgi?id=785470

CPE    167
cpe:/a:mozilla:bugzilla:2.22:rc1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:3.7
...
CWE    1
CWE-255
OVAL    5
oval:org.secpod.oval:def:104747
oval:org.secpod.oval:def:104331
oval:org.secpod.oval:def:104330
oval:org.secpod.oval:def:104141
...

© 2013 SecPod Technologies