CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile: 85.3%
The remote host is running Bugzilla, a bug-tracking application with a web interface. The version of Bugzilla on the remote host is susceptible to the following vulnerabilities:
A security-bypass vulnerability, because it fails to verify the email ID during account creation. Specifically, this issue occurs because login names are automatically added to groups based on the domain. This issue affects the ‘realname’ parameter. (CVE-2014-1572)
Multiple cross-site scripting vulnerabilities, because it fails to sufficiently sanitize user-supplied input submitted to CGI arguments. (CVE-2014-1573)
An information disclosure vulnerability, because a flag mail recipient who is not in an insider group can view private comments. (CVE-2014-1571)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1573
www.bugzilla.org/security/4.0.14
bugzilla.mozilla.org/show_bug.cgi?id=1064140
bugzilla.mozilla.org/show_bug.cgi?id=1074812
bugzilla.mozilla.org/show_bug.cgi?id=1075578