Vulnerability Description
DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
References
- http://marc.info/?l=bugtraq&m=108965446813639&w=2
- http://www.securityfocus.com/bid/10698PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16673
- http://marc.info/?l=bugtraq&m=108965446813639&w=2
- http://www.securityfocus.com/bid/10698PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16673
FAQ
What is CVE-2004-0702?
CVE-2004-0702 is a vulnerability with a CVSS score of 5.0 (MEDIUM). DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.
How severe is CVE-2004-0702?
CVE-2004-0702 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0702?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.