Vulnerability Description
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=15980
- http://marc.info/?l=bugtraq&m=99912899900567
- http://www.redhat.com/support/errata/RHSA-2001-107.htmlPatchVendor Advisory
- http://bugzilla.mozilla.org/show_bug.cgi?id=15980
- http://marc.info/?l=bugtraq&m=99912899900567
- http://www.redhat.com/support/errata/RHSA-2001-107.htmlPatchVendor Advisory
FAQ
What is CVE-2001-1403?
CVE-2001-1403 is a vulnerability with a CVSS score of 7.5 (HIGH). Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observ...
How severe is CVE-2001-1403?
CVE-2001-1403 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1403?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.