CVE-2006-0916

2006-02-2811:02:00

mitre

web.nvd.nist.gov

cve-2006-0916

bugzilla

url redirection

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.5%

JSON

Bugzilla 2.19.3 through 2.20 does not properly handle “//” sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user’s browser to send the form data to another domain.

Affected configurations

Nvd

Node

mozillabugzillaMatch2.19.3

mozillabugzillaMatch2.20

mozillabugzillaMatch2.20rc1

mozillabugzillaMatch2.20rc2

mozillabugzillaMatch2.21

mozillabugzillaMatch2.21.1

mozillabugzillaMatch2.21.2

VendorProductVersionCPE
mozillabugzilla2.19.3cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*
mozillabugzilla2.20cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*
mozillabugzilla2.20cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
mozillabugzilla2.20cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
mozillabugzilla2.21cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*
mozillabugzilla2.21.1cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*
mozillabugzilla2.21.2cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	bugzilla	2.19.3	cpe:2.3:a:mozilla:bugzilla:2.19.3:::::::*
mozilla	bugzilla	2.20	cpe:2.3:a:mozilla:bugzilla:2.20:::::::*
mozilla	bugzilla	2.20	cpe:2.3:a:mozilla:bugzilla:2.20:rc1::::::
mozilla	bugzilla	2.20	cpe:2.3:a:mozilla:bugzilla:2.20:rc2::::::
mozilla	bugzilla	2.21	cpe:2.3:a:mozilla:bugzilla:2.21:::::::*
mozilla	bugzilla	2.21.1	cpe:2.3:a:mozilla:bugzilla:2.21.1:::::::*
mozilla	bugzilla	2.21.2	cpe:2.3:a:mozilla:bugzilla:2.21.2:::::::*