4.3

CVE-2009-3989

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version <= 3.0.10
MozillaBugzilla Version2.0
MozillaBugzilla Version2.2
MozillaBugzilla Version2.4
MozillaBugzilla Version2.6
MozillaBugzilla Version2.8
MozillaBugzilla Version2.10
MozillaBugzilla Version2.12
MozillaBugzilla Version2.14
MozillaBugzilla Version2.14.1
MozillaBugzilla Version2.14.2
MozillaBugzilla Version2.14.3
MozillaBugzilla Version2.14.4
MozillaBugzilla Version2.14.5
MozillaBugzilla Version2.16
MozillaBugzilla Version2.16 Updaterc1
MozillaBugzilla Version2.16 Updaterc2
MozillaBugzilla Version2.16.1
MozillaBugzilla Version2.16.2
MozillaBugzilla Version2.16.3
MozillaBugzilla Version2.16.4
MozillaBugzilla Version2.16.5
MozillaBugzilla Version2.16.6
MozillaBugzilla Version2.16.7
MozillaBugzilla Version2.16.8
MozillaBugzilla Version2.16.9
MozillaBugzilla Version2.16.10
MozillaBugzilla Version2.16.11
MozillaBugzilla Version2.18
MozillaBugzilla Version2.18 Updaterc1
MozillaBugzilla Version2.18 Updaterc2
MozillaBugzilla Version2.18 Updaterc3
MozillaBugzilla Version2.18.1
MozillaBugzilla Version2.18.2
MozillaBugzilla Version2.18.3
MozillaBugzilla Version2.18.4
MozillaBugzilla Version2.18.5
MozillaBugzilla Version2.18.6
MozillaBugzilla Version2.18.7
MozillaBugzilla Version2.18.8
MozillaBugzilla Version2.18.9
MozillaBugzilla Version2.20
MozillaBugzilla Version2.20 Updaterc1
MozillaBugzilla Version2.20 Updaterc2
MozillaBugzilla Version2.20.1
MozillaBugzilla Version2.20.2
MozillaBugzilla Version2.20.3
MozillaBugzilla Version2.20.4
MozillaBugzilla Version2.20.5
MozillaBugzilla Version2.20.6
MozillaBugzilla Version2.20.7
MozillaBugzilla Version2.22
MozillaBugzilla Version2.22 Updaterc1
MozillaBugzilla Version2.22.1
MozillaBugzilla Version2.22.2
MozillaBugzilla Version2.22.3
MozillaBugzilla Version2.22.4
MozillaBugzilla Version2.22.5
MozillaBugzilla Version2.22.6
MozillaBugzilla Version2.22.7
MozillaBugzilla Version3.0.0
MozillaBugzilla Version3.0.1
MozillaBugzilla Version3.0.2
MozillaBugzilla Version3.0.3
MozillaBugzilla Version3.0.4
MozillaBugzilla Version3.0.5
MozillaBugzilla Version3.0.6
MozillaBugzilla Version3.0.7
MozillaBugzilla Version3.0.8
MozillaBugzilla Version3.0.9
MozillaBugzilla Version3.2
MozillaBugzilla Version3.2.1
MozillaBugzilla Version3.2.2
MozillaBugzilla Version3.2.3
MozillaBugzilla Version3.2.4
MozillaBugzilla Version3.2.5
MozillaBugzilla Version3.4
MozillaBugzilla Version3.4.1
MozillaBugzilla Version3.4.2
MozillaBugzilla Version3.4.3
MozillaBugzilla Version3.4.4
MozillaBugzilla Version3.5
MozillaBugzilla Version3.5.1
MozillaBugzilla Version3.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.53% 0.715
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/38443
Vendor Advisory
http://www.securityfocus.com/archive/1/509282/100/0/threaded
http://www.vupen.com/english/advisories/2010/0261
Patch
Vendor Advisory
http://www.securityfocus.com/bid/38025
https://bugzilla.mozilla.org/show_bug.cgi?id=314871
Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=434801
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/56003