7.5
CVE-2002-1196
- EPSS 1.59%
- Veröffentlicht 28.10.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.59% | 0.725 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
http://marc.info/?l=bugtraq&m=103349804226566&w=2
http://www.debian.org/security/2002/dsa-173
http://www.iss.net/security_center/static/10233.php
http://www.securityfocus.com/bid/5843