Lucene search
Ubuntu.comUB:CVE-2012-0440HistoryFeb 02, 2012 - 12:00 a.m.
CVE-2012-0440
2012-02-0200:00:00
ubuntu.com
ubuntu.com
12
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.004
Percentile
73.9%
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla
3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and
4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of
arbitrary users for requests that use the JSON-RPC API.
Bugs
Notes
| Author | Note |
|---|---|
| tyhicks | marking it as low because I donβt think the JSON-RPC API is used much |
Related
prion
prion
Cross site request forgery (csrf)
2012-02-02 18:55:00
seebug
seebug
Bugzilla jsonrpc.cgi θ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2012-02-13 00:00:00
nvd
nvd
CVE-2012-0440
2012-02-02 18:55:01
cve
cve
CVE-2012-0440
2012-02-02 18:55:01
cvelist
cvelist
CVE-2012-0440
2012-02-02 18:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2012-1189
2012-02-13 00:00:00
FreeBSD Ports: bugzilla
2012-02-12 00:00:00
Fedora Update for bugzilla FEDORA-2012-1218
2012-03-19 00:00:00
nessus
nessus
Fedora 15 : bugzilla-3.6.8-1.fc15 (2012-1189)
2012-02-13 00:00:00
Fedora 16 : bugzilla-4.0.4-1.fc16 (2012-1218)
2012-02-13 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2012-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: bugzilla-3.6.8-1.fc15
2012-02-10 21:56:18
[SECURITY] Fedora 16 Update: bugzilla-4.0.4-1.fc16
2012-02-10 21:55:47
securityvulns
securityvulns
Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
2012-02-13 00:00:00
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.004
Percentile
73.9%
Related for UB:CVE-2012-0440