mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
223 lines
8.3 KiB
JSON
223 lines
8.3 KiB
JSON
{
|
|
"id": "CVE-2012-0465",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2012-04-27T20:55:01.250",
|
|
"lastModified": "2012-08-14T03:34:05.847",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Bugzilla v3.5.x y v3.6.x antes de v3.6.9, v3.7.x y v4.0.x antes de v4.0.6 y v4.1.x y v4.2.x antes de v4.2.1, cuando la opci\u00f3n \"inbound_proxies\" est\u00e1 activada, no valida correctamente la cabecera HTTP 'X-Forwarded-For', loque permite evitar la pol\u00edtica de bloqueo a atacantes remotos a trav\u00e9s de una serie de solicitudes de autenticaci\u00f3n con (1) cadenas con diferentes direcciones IP en este encabezado o (2) una cadena demasiado larga en esta cabecera."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-264"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1907D4D0-9D6E-476E-BD1A-88A32D3EFE38"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.5.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "61DD0779-786E-4714-AA73-86FB19E26028"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.5.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8E8DD97-5799-465D-8B99-F2BD6AA681AB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4A1AD503-7F78-4597-AECD-6DC530AD4D3C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCAD5285-E485-4F49-99CF-287545260FDD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5C193DF3-8D23-44A9-94DE-9F4F7358ED3F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80BA8C84-32C3-4ECF-B4C7-573B12441D22"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "820EC9F1-B66C-43CE-B254-145F4AC23083"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4BDA6DC-8D53-417D-8320-CE266F8607B7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B01E0D5-3F26-4A71-A22C-FAD7CBF47283"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6C33D8DA-86A4-4A70-82F8-27D5DE3881EA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "884D0728-8E3C-47F3-9DDD-FA976E1553EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "740ADCB7-B296-4728-A73A-9691265B8F07"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6187C92D-FEE9-4B1B-B7ED-9A1DD360B204"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71213AF6-48CC-469F-9FBA-CAF1D3237657"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A367BFF0-397D-416F-960C-602E8B66421A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A6229B76-3EB0-45D9-9667-7E94D0880AE7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4FCD8B47-9BF6-4F3E-AF88-0416BE31EC65"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C8D0ED4E-F1A7-43B7-B9D2-D6D6AA145459"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "93FE2861-A397-4439-9BB8-7B67D7F9D211"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "27783033-F558-427C-89A7-C3638C57F2A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E91557C7-8C53-49C4-8BC5-7F86D4AA09B8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "50448355-F1D3-48AB-AED0-5FE027D7C199"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CE9B4E3-8044-4305-A517-E695D0831355"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4BDA28D1-5B26-4FBA-B685-C230569AF024"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F61B90BF-3548-4D3A-BF70-A9DC96C11775"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=728639",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |