CVE-2007-0792

{"id": "CVE-2007-0792", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-02-06T19:28:00.000", "references": [{"url": "http://osvdb.org/35862", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2222", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017585", "source": "cve@mitre.org"}, {"url": "http://www.bugzilla.org/security/2.20.3/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/459025/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22380", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0477", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32252", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/35862", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2222", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1017585", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.bugzilla.org/security/2.20.3/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/459025/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22380", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0477", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32252", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file."}, {"lang": "es", "value": "La secuencia de comandos de inicializaci\u00f3n de mod_perl en Bugzilla 2.23.3 no establece la configuraci\u00f3n de Bugzilla Apache para permitir sobrescribir los permisos del fichero .htaccess, lo cual permite a atacantes remotos obtener el nombre de usuario y la contrase\u00f1a mediante una petici\u00f3n directa al fichero localconfig."}], "lastModified": "2024-11-21T00:26:45.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4753AB35-B95C-4544-A874-5E6D83929AC1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}