Bugzilla UTF-8 CVE-2012-0448 User Impersonation Vulnerability
BID:51784
Info
Bugzilla UTF-8 CVE-2012-0448 User Impersonation Vulnerability
| Bugtraq ID: | 51784 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0448 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2012 12:00AM |
| Updated: | Apr 16 2015 05:50PM |
| Credit: | James Kettle |
| Vulnerable: |
Mozilla Bugzilla 4.0.3 Mozilla Bugzilla 4.0.2 Mozilla Bugzilla 3.6.7 Mozilla Bugzilla 3.6.6 Mozilla Bugzilla 3.6.4 Mozilla Bugzilla 3.6.1 Mozilla Bugzilla 3.4.13 Mozilla Bugzilla 3.4.12 Mozilla Bugzilla 3.4.10 Mozilla Bugzilla 3.4.7 Mozilla Bugzilla 3.4.6 Mozilla Bugzilla 3.4.5 Mozilla Bugzilla 3.4.4 Mozilla Bugzilla 3.4.3 Mozilla Bugzilla 3.4.2 Mozilla Bugzilla 3.4.1 Mozilla Bugzilla 3.6.3 Mozilla Bugzilla 3.6.2 Mozilla Bugzilla 3.6 Mozilla Bugzilla 3.4.9 Mozilla Bugzilla 3.4.8 Mozilla Bugzilla 3.4 rc1 Mozilla Bugzilla 3.4 |
| Not Vulnerable: |
Mozilla Bugzilla 4.0.4 Mozilla Bugzilla 3.6.8 Mozilla Bugzilla 3.4.14 |
Discussion
Bugzilla UTF-8 CVE-2012-0448 User Impersonation Vulnerability
Bugzilla is prone to a user-impersonation vulnerability because it fails to properly handle email addresses.
An attacker can exploit this issue to impersonate arbitrary users and perform unauthorized actions.
Bugzilla versions prior to 3.4.14, 3.6.8, and 4.0.4 are affected.
Bugzilla is prone to a user-impersonation vulnerability because it fails to properly handle email addresses.
An attacker can exploit this issue to impersonate arbitrary users and perform unauthorized actions.
Bugzilla versions prior to 3.4.14, 3.6.8, and 4.0.4 are affected.
Exploit / POC
Bugzilla UTF-8 CVE-2012-0448 User Impersonation Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
Bugzilla UTF-8 CVE-2012-0448 User Impersonation Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Bugzilla UTF-8 CVE-2012-0448 User Impersonation Vulnerability
References:
References: