CVE-2002-0810

2003-04-0205:00:00

mitre

www.cve.org

AI Score

6.4

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc

archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

bugzilla.mozilla.org/show_bug.cgi?id=92263

www.iss.net/security_center/static/9306.php

www.osvdb.org/6399

www.redhat.com/support/errata/RHSA-2002-109.html

www.securityfocus.com/bid/4964