Lucene search

Ubuntu.comUB:CVE-2007-0792

HistoryFeb 06, 2007 - 12:00 a.m.

CVE-2007-0792

2007-02-0600:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.102

Percentile

95.0%

JSON

The mod_perl initialization script in Bugzilla 2.23.3 does not set the
Bugzilla Apache configuration to allow .htaccess permissions to override
file permissions, which allows remote attackers to obtain the database
username and password via a direct request for the localconfig file.

References

launchpad.net/bugs/cve/CVE-2007-0792

nvd.nist.gov/vuln/detail/CVE-2007-0792

security-tracker.debian.org/tracker/CVE-2007-0792

www.cve.org/CVERecord?id=CVE-2007-0792

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.102

Percentile

95.0%

JSON

Related for UB:CVE-2007-0792