4.3
CVE-2009-3989
- EPSS 1.53%
- Veröffentlicht 03.02.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.53% | 0.715 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://secunia.com/advisories/38443
http://www.securityfocus.com/archive/1/509282/100/0/threaded
http://www.vupen.com/english/advisories/2010/0261
http://www.securityfocus.com/bid/38025
https://bugzilla.mozilla.org/show_bug.cgi?id=314871
https://bugzilla.mozilla.org/show_bug.cgi?id=434801
https://exchange.xforce.ibmcloud.com/vulnerabilities/56003