Vulnerability Description
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.14 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
- http://marc.info/?l=bugtraq&m=103349804226566&w=2
- http://www.debian.org/security/2002/dsa-173PatchVendor Advisory
- http://www.iss.net/security_center/static/10233.phpVendor Advisory
- http://www.securityfocus.com/bid/5843
- http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
- http://marc.info/?l=bugtraq&m=103349804226566&w=2
- http://www.debian.org/security/2002/dsa-173PatchVendor Advisory
- http://www.iss.net/security_center/static/10233.phpVendor Advisory
- http://www.securityfocus.com/bid/5843
FAQ
What is CVE-2002-1196?
CVE-2002-1196 is a vulnerability with a CVSS score of 7.5 (HIGH). editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values fo...
How severe is CVE-2002-1196?
CVE-2002-1196 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1196?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.