Lucene search

K

MitreCVELIST:CVE-2007-0792

HistoryFeb 06, 2007 - 7:00 p.m.

CVE-2007-0792

2007-02-0619:00:00

mitre

www.cve.org

3

AI Score

6.6

Confidence

High

EPSS

0.102

Percentile

95.0%

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

References

osvdb.org/35862

securityreason.com/securityalert/2222

securitytracker.com/id?1017585

www.bugzilla.org/security/2.20.3/

www.securityfocus.com/archive/1/459025/100/0/threaded

www.securityfocus.com/bid/22380

www.vupen.com/english/advisories/2007/0477

exchange.xforce.ibmcloud.com/vulnerabilities/32252

AI Score

6.6

Confidence

High

EPSS

0.102

Percentile

95.0%

Related for CVELIST:CVE-2007-0792

prion1 nvd1 cve1 ubuntucve1 securityvulns1