CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 59.6%
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the
srand function at startup time, which causes Apache children to have the
same seed and produce insufficiently random numbers for random tokens,
which allows remote attackers to bypass cross-site request forgery (CSRF)
protection mechanisms and conduct unauthorized activities as other users.
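
The failure mode described above, as an added Perl example that is not Bugzilla's code: a parent process seeds the PRNG once and then forks workers, the way a mod_perl startup script runs before Apache forks its children. The helper names (token, run_children, distinct) and the 16-character token format are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed demo, not Bugzilla code. token() stands in for any
# rand()-based CSRF token generator; its format is an assumption.
my @alphabet = ('a' .. 'z', 0 .. 9);
sub token { return join '', map { $alphabet[rand @alphabet] } 1 .. 16 }

# Fork $n workers and collect one token from each over a pipe.
sub run_children {
    my ($n, $reseed_in_child) = @_;
    my @tokens;
    for (1 .. $n) {
        pipe(my $reader, my $writer) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                    # child, like an Apache worker
            close $reader;
            srand() if $reseed_in_child;    # fresh seed per process
            print {$writer} token();
            close $writer;
            exit 0;
        }
        close $writer;
        my $token = <$reader>;              # reads until the child closes its end
        close $reader;
        waitpid $pid, 0;
        push @tokens, $token;
    }
    return @tokens;
}

# Number of different values in a list.
sub distinct { my %seen; $seen{$_} = 1 for @_; return scalar keys %seen }

srand();    # seeded once at startup, before any fork (the flawed pattern)

my @inherited = run_children(3, 0);    # children copy the parent's PRNG state
my @reseeded  = run_children(3, 1);    # each child calls srand() itself
printf "inherited seed: %d distinct of 3 (%s)\n", distinct(@inherited), "@inherited";
printf "reseeded child: %d distinct of 3 (%s)\n", distinct(@reseeded),  "@reseeded";
```

With the inherited seed every worker emits the same token, while the workers that call srand() after the fork diverge. Perl's rand is not a cryptographic generator, so security tokens are better drawn from an OS CSPRNG regardless of where seeding happens.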