Lucene search

MitreCVE-2002-0810

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0810

2003-04-0205:00:00

mitre

web.nvd.nist.gov

bugzilla

html

syncshadowdb

vulnerability

information leakage

cve-2002-0810

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

Affected configurations

Nvd

Node

mozillabugzillaMatch2.14

mozillabugzillaMatch2.14.1

mozillabugzillaMatch2.16

mozillabugzillaMatch2.16rc1

VendorProductVersionCPE
mozillabugzilla2.14cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
mozillabugzilla2.14.1cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
mozillabugzilla2.16cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
mozillabugzilla2.16cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	bugzilla	2.14	cpe:2.3:a:mozilla:bugzilla:2.14:::::::*
mozilla	bugzilla	2.14.1	cpe:2.3:a:mozilla:bugzilla:2.14.1:::::::*
mozilla	bugzilla	2.16	cpe:2.3:a:mozilla:bugzilla:2.16:::::::*
mozilla	bugzilla	2.16	cpe:2.3:a:mozilla:bugzilla:2.16:rc1::::::

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc

archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

bugzilla.mozilla.org/show_bug.cgi?id=92263

www.iss.net/security_center/static/9306.php

www.osvdb.org/6399

www.redhat.com/support/errata/RHSA-2002-109.html

www.securityfocus.com/bid/4964

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

Related for CVE-2002-0810