7.5

CVE-2002-1196

EPSS 0.43%
Published 28.10.2002 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Bugzilla Version2.14

Mozilla ≫ Bugzilla Version2.14.1

Mozilla ≫ Bugzilla Version2.14.2

Mozilla ≫ Bugzilla Version2.14.3

Mozilla ≫ Bugzilla Version2.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12

http://marc.info/?l=bugtraq&m=103349804226566&w=2

http://www.debian.org/security/2002/dsa-173

Patch

Vendor Advisory

http://www.iss.net/security_center/static/10233.php

Vendor Advisory

http://www.securityfocus.com/bid/5843

https://nvd.nist.gov/vuln/detail/CVE-2002-1196

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1196

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1196

EUVD