
{
"id": "CVE-2007-0792",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-02-06T19:28:00.000",
"lastModified": "2024-11-21T00:26:45.363",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file."
},
{
"lang": "es",
"value": "La secuencia de comandos de inicializaci\u00f3n de mod_perl en Bugzilla 2.23.3 no establece la configuraci\u00f3n de Apache de Bugzilla para permitir que los permisos de .htaccess prevalezcan sobre los permisos de fichero, lo cual permite a atacantes remotos obtener el nombre de usuario y la contrase\u00f1a de la base de datos mediante una petici\u00f3n directa al fichero localconfig."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4753AB35-B95C-4544-A874-5E6D83929AC1"
}
]
}
]
}
],
"references": [
{
"url": "http://osvdb.org/35862",
"source": "cve@mitre.org"
},
{
"url": "http://securityreason.com/securityalert/2222",
"source": "cve@mitre.org"
},
{
"url": "http://securitytracker.com/id?1017585",
"source": "cve@mitre.org"
},
{
"url": "http://www.bugzilla.org/security/2.20.3/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/459025/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/22380",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2007/0477",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32252",
"source": "cve@mitre.org"
},
{
"url": "http://osvdb.org/35862",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://securityreason.com/securityalert/2222",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://securitytracker.com/id?1017585",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.bugzilla.org/security/2.20.3/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/459025/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/22380",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.vupen.com/english/advisories/2007/0477",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32252",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}