7.5

CVE-2006-0916

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.19.3
MozillaBugzilla Version2.20
MozillaBugzilla Version2.20 Updaterc1
MozillaBugzilla Version2.20 Updaterc2
MozillaBugzilla Version2.21
MozillaBugzilla Version2.21.1
MozillaBugzilla Version2.21.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.18% 0.635
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18979
Vendor Advisory
http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.vupen.com/english/advisories/2006/0692
http://securityreason.com/securityalert/464
http://www.securityfocus.com/bid/16745
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=325079
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24821