Vulnerability Description
The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.23.3 |
References
- http://osvdb.org/35862
- http://securityreason.com/securityalert/2222
- http://securitytracker.com/id?1017585
- http://www.bugzilla.org/security/2.20.3/Vendor Advisory
- http://www.securityfocus.com/archive/1/459025/100/0/threaded
- http://www.securityfocus.com/bid/22380
- http://www.vupen.com/english/advisories/2007/0477
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32252
- http://osvdb.org/35862
- http://securityreason.com/securityalert/2222
- http://securitytracker.com/id?1017585
- http://www.bugzilla.org/security/2.20.3/Vendor Advisory
- http://www.securityfocus.com/archive/1/459025/100/0/threaded
- http://www.securityfocus.com/bid/22380
- http://www.vupen.com/english/advisories/2007/0477
FAQ
What is CVE-2007-0792?
CVE-2007-0792 is a vulnerability with a CVSS score of 7.5 (HIGH). The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtai...
How severe is CVE-2007-0792?
CVE-2007-0792 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0792?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.