Lucene search
HistoryOct 28, 2002 - 5:00 a.m.
CVE-2002-1196
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
77.2%
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the “usebuggroups” feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
Affected configurations
Node
mozillabugzillaMatch2.14
ORmozillabugzillaMatch2.14.1
ORmozillabugzillaMatch2.14.2
ORmozillabugzillaMatch2.14.3
ORmozillabugzillaMatch2.16
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 2.14 | cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.1 | cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.2 | cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.3 | cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16 | cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2002-1196
2004-09-01 04:00:00
openvas
openvas
Debian Security Advisory DSA 173-1 (bugzilla)
2008-01-17 00:00:00
Debian Security Advisory DSA 173-1 (bugzilla)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-173-1 : bugzilla - privilege escalation
2004-09-29 00:00:00
osv
osv
bugzilla - privilege escalation
2002-10-09 00:00:00
cvelist
cvelist
CVE-2002-1196
2004-09-01 04:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
77.2%
Related for NVD:CVE-2002-1196