Lucene search

Ubuntu.comUB:CVE-2004-0707

HistoryJul 27, 2004 - 12:00 a.m.

CVE-2004-0707

2004-07-2700:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

53.2%

JSON

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before
2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to
grant membership to any group to execute arbitrary SQL.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchbugzilla< 2.20-1UNKNOWN
ubuntu6.10noarchbugzilla< 2.20-1UNKNOWN
ubuntu7.04noarchbugzilla< 2.20-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	bugzilla	< 2.20-1	UNKNOWN
ubuntu	6.10	noarch	bugzilla	< 2.20-1	UNKNOWN
ubuntu	7.04	noarch	bugzilla	< 2.20-1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2004-0707

nvd.nist.gov/vuln/detail/CVE-2004-0707

security-tracker.debian.org/tracker/CVE-2004-0707

www.cve.org/CVERecord?id=CVE-2004-0707

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

53.2%

JSON

Related for UB:CVE-2004-0707