CVE-2003-0013

Sažetak

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

Reference

http://marc.info/?l=bugtraq&m=104154319200399&w=2
http://www.debian.org/security/2003/dsa-230
http://www.iss.net/security_center/static/10970.php
http://www.osvdb.org/6351
http://www.securityfocus.com/bid/6501

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2016 - 02:28

Objavljeno

17-01-2003 - 05:00