Lucene search
MitreCVE-2002-1196HistorySep 01, 2004 - 4:00 a.m.
CVE-2002-1196
2004-09-0104:00:00
mitre
web.nvd.nist.gov
25
cve-2002-1196
bugzilla
security vulnerability
usebuggroups
perl
math
permissions
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
77.2%
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the “usebuggroups” feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
Affected configurations
Node
mozillabugzillaMatch2.14
ORmozillabugzillaMatch2.14.1
ORmozillabugzillaMatch2.14.2
ORmozillabugzillaMatch2.14.3
ORmozillabugzillaMatch2.16
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 2.14 | cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.1 | cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.2 | cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.3 | cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16 | cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:* |
Related
openvas
openvas
Debian Security Advisory DSA 173-1 (bugzilla)
2008-01-17 00:00:00
Debian Security Advisory DSA 173-1 (bugzilla)
2008-01-17 00:00:00
nvd
nvd
CVE-2002-1196
2002-10-28 05:00:00
nessus
nessus
Debian DSA-173-1 : bugzilla - privilege escalation
2004-09-29 00:00:00
osv
osv
bugzilla - privilege escalation
2002-10-09 00:00:00
cvelist
cvelist
CVE-2002-1196
2004-09-01 04:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
77.2%
Related for CVE-2002-1196