CVE-2002-0008
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
Versiones anteriores a la 2.14.1 de Bugzilla permiten que un atacante remoto (1) falsee el comentario de un usuario por medio de una petición HTTP usando process_bug.cgi y el parámetro "who" en vez de una cokie de Bugzilla_login, o (2) envíe un bug como otro usuario, modificando el parámetro de enter_bug.cgi, el cual se pasa a post_bug.cgi.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-01-09 CVE Reserved
- 2002-01-10 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html | Mailing List | |
| http://www.iss.net/security_center/static/7804.php | Vdb Entry | |
| http://www.iss.net/security_center/static/7805.php | Vdb Entry | |
| http://www.securityfocus.com/bid/3793 | Vdb Entry | |
| http://www.securityfocus.com/bid/3794 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://bugzilla.mozilla.org/show_bug.cgi?id=108385 | 2008-09-10 | |
| http://bugzilla.mozilla.org/show_bug.cgi?id=108516 | 2008-09-10 | |
| http://rhn.redhat.com/errata/RHSA-2002-001.html | 2008-09-10 | |
| http://www.bugzilla.org/security2_14_1.html | 2008-09-10 |