CVE-2007-5038

Sažetak

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Reference

http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://secunia.com/advisories/26848
http://secunia.com/advisories/26969
http://www.bugzilla.org/security/3.0.1/
http://www.securityfocus.com/archive/1/480077/100/0/threaded
http://www.securityfocus.com/bid/25725
http://www.securitytracker.com/id?1018719
http://www.vupen.com/english/advisories/2007/3200
https://bugzilla.mozilla.org/show_bug.cgi?id=395632
https://bugzilla.redhat.com/show_bug.cgi?id=299981
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:40

Objavljeno

24-09-2007 - 00:17