7.5

CVE-2007-5038

Exploit
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version3.0.0
MozillaBugzilla Version3.0.1
MozillaBugzilla Version3.1.0
MozillaBugzilla Version3.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.96% 0.777
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://secunia.com/advisories/26848
Patch
Vendor Advisory
http://secunia.com/advisories/26969
http://www.bugzilla.org/security/3.0.1/
Patch
http://www.securityfocus.com/archive/1/480077/100/0/threaded
http://www.securityfocus.com/bid/25725
http://www.securitytracker.com/id?1018719
http://www.vupen.com/english/advisories/2007/3200
https://bugzilla.mozilla.org/show_bug.cgi?id=395632
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=299981
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692