CVE-2006-0916

Опубликовано: 28 фев. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.

Ссылки

http://secunia.com/advisories/18979
Vendor Advisory
http://securityreason.com/securityalert/464
http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.securityfocus.com/bid/16745
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=325079
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24821
http://secunia.com/advisories/18979
Vendor Advisory
http://securityreason.com/securityalert/464
http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.securityfocus.com/bid/16745
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=325079
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24821

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00743

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-0916

ubuntu

больше 19 лет назад

CVE-2006-0916

debian

больше 19 лет назад

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences i ...

GHSA-wcpx-qmj4-w2x4

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00743

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other