[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2012-3981Date: (C)2012-09-04   (M)2018-04-13


Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
OSVDB-85072
MDVSA-2013:066
bugzilla-ldap-data-manipulation(78193)
http://www.bugzilla.org/security/3.6.10/
https://bugzilla.mozilla.org/show_bug.cgi?id=785112
https://bugzilla.mozilla.org/show_bug.cgi?id=785470

CPE    167
cpe:/a:mozilla:bugzilla:2.22:rc1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:3.7
...
CWE    1
CWE-255
OVAL    5
oval:org.secpod.oval:def:104330
oval:org.secpod.oval:def:104141
oval:org.secpod.oval:def:104747
oval:org.secpod.oval:def:104331
...

© SecPod Technologies