4.3

CVE-2009-3989

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version <= 3.0.10
MozillaBugzilla Version2.0
MozillaBugzilla Version2.2
MozillaBugzilla Version2.4
MozillaBugzilla Version2.6
MozillaBugzilla Version2.8
MozillaBugzilla Version2.10
MozillaBugzilla Version2.12
MozillaBugzilla Version2.14
MozillaBugzilla Version2.14.1
MozillaBugzilla Version2.14.2
MozillaBugzilla Version2.14.3
MozillaBugzilla Version2.14.4
MozillaBugzilla Version2.14.5
MozillaBugzilla Version2.16
MozillaBugzilla Version2.16 Updaterc1
MozillaBugzilla Version2.16 Updaterc2
MozillaBugzilla Version2.16.1
MozillaBugzilla Version2.16.2
MozillaBugzilla Version2.16.3
MozillaBugzilla Version2.16.4
MozillaBugzilla Version2.16.5
MozillaBugzilla Version2.16.6
MozillaBugzilla Version2.16.7
MozillaBugzilla Version2.16.8
MozillaBugzilla Version2.16.9
MozillaBugzilla Version2.16.10
MozillaBugzilla Version2.16.11
MozillaBugzilla Version2.18
MozillaBugzilla Version2.18 Updaterc1
MozillaBugzilla Version2.18 Updaterc2
MozillaBugzilla Version2.18 Updaterc3
MozillaBugzilla Version2.18.1
MozillaBugzilla Version2.18.2
MozillaBugzilla Version2.18.3
MozillaBugzilla Version2.18.4
MozillaBugzilla Version2.18.5
MozillaBugzilla Version2.18.6
MozillaBugzilla Version2.18.7
MozillaBugzilla Version2.18.8
MozillaBugzilla Version2.18.9
MozillaBugzilla Version2.20
MozillaBugzilla Version2.20 Updaterc1
MozillaBugzilla Version2.20 Updaterc2
MozillaBugzilla Version2.20.1
MozillaBugzilla Version2.20.2
MozillaBugzilla Version2.20.3
MozillaBugzilla Version2.20.4
MozillaBugzilla Version2.20.5
MozillaBugzilla Version2.20.6
MozillaBugzilla Version2.20.7
MozillaBugzilla Version2.22
MozillaBugzilla Version2.22 Updaterc1
MozillaBugzilla Version2.22.1
MozillaBugzilla Version2.22.2
MozillaBugzilla Version2.22.3
MozillaBugzilla Version2.22.4
MozillaBugzilla Version2.22.5
MozillaBugzilla Version2.22.6
MozillaBugzilla Version2.22.7
MozillaBugzilla Version3.0.0
MozillaBugzilla Version3.0.1
MozillaBugzilla Version3.0.2
MozillaBugzilla Version3.0.3
MozillaBugzilla Version3.0.4
MozillaBugzilla Version3.0.5
MozillaBugzilla Version3.0.6
MozillaBugzilla Version3.0.7
MozillaBugzilla Version3.0.8
MozillaBugzilla Version3.0.9
MozillaBugzilla Version3.2
MozillaBugzilla Version3.2.1
MozillaBugzilla Version3.2.2
MozillaBugzilla Version3.2.3
MozillaBugzilla Version3.2.4
MozillaBugzilla Version3.2.5
MozillaBugzilla Version3.4
MozillaBugzilla Version3.4.1
MozillaBugzilla Version3.4.2
MozillaBugzilla Version3.4.3
MozillaBugzilla Version3.4.4
MozillaBugzilla Version3.5
MozillaBugzilla Version3.5.1
MozillaBugzilla Version3.5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.684
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N