Описание
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2002-0810
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=92263
- http://www.iss.net/security_center/static/9306.php
- http://www.osvdb.org/6399
- http://www.redhat.com/support/errata/RHSA-2002-109.html
- http://www.securityfocus.com/bid/4964
EPSS
CVE ID
Связанные уязвимости
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error me ...
EPSS