7.5

CVE-2007-5038

Exploit

EPSS 0.99%
Veröffentlicht 24.09.2007 00:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Bugzilla Version3.0.0

Mozilla ≫ Bugzilla Version3.0.1

Mozilla ≫ Bugzilla Version3.1.0

Mozilla ≫ Bugzilla Version3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.763

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://fedoranews.org/updates/FEDORA-2007-229.shtml

http://secunia.com/advisories/26848

Patch

Vendor Advisory

http://secunia.com/advisories/26969

http://www.bugzilla.org/security/3.0.1/

Patch

http://www.securityfocus.com/archive/1/480077/100/0/threaded

http://www.securityfocus.com/bid/25725

http://www.securitytracker.com/id?1018719

http://www.vupen.com/english/advisories/2007/3200

https://bugzilla.mozilla.org/show_bug.cgi?id=395632

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=299981

https://exchange.xforce.ibmcloud.com/vulnerabilities/36692

https://nvd.nist.gov/vuln/detail/CVE-2007-5038

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5038

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5038

EUVD