Lucene search

Ubuntu.comUB:CVE-2005-3138

HistoryOct 05, 2005 - 12:00 a.m.

CVE-2005-3138

2005-10-0500:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.016

Percentile

87.2%

JSON

Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows
remote attackers to obtain sensitive information such as the list of
installed products via the config.cgi file, which is accessible even when
the requirelogin parameter is set.

References

launchpad.net/bugs/cve/CVE-2005-3138

nvd.nist.gov/vuln/detail/CVE-2005-3138

security-tracker.debian.org/tracker/CVE-2005-3138

www.cve.org/CVERecord?id=CVE-2005-3138

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.016

Percentile

87.2%

JSON

Related for UB:CVE-2005-3138