Vulnerability Description
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 3.0.0 |
Related Weaknesses (CWE)
References
- http://fedoranews.org/updates/FEDORA-2007-229.shtml
- http://secunia.com/advisories/26848PatchVendor Advisory
- http://secunia.com/advisories/26969
- http://www.bugzilla.org/security/3.0.1/Patch
- http://www.securityfocus.com/archive/1/480077/100/0/threaded
- http://www.securityfocus.com/bid/25725
- http://www.securitytracker.com/id?1018719
- http://www.vupen.com/english/advisories/2007/3200
- https://bugzilla.mozilla.org/show_bug.cgi?id=395632Exploit
- https://bugzilla.redhat.com/show_bug.cgi?id=299981
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36692
- http://fedoranews.org/updates/FEDORA-2007-229.shtml
- http://secunia.com/advisories/26848PatchVendor Advisory
- http://secunia.com/advisories/26969
- http://www.bugzilla.org/security/3.0.1/Patch
FAQ
What is CVE-2007-5038?
CVE-2007-5038 is a vulnerability with a CVSS score of 7.5 (HIGH). The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote att...
How severe is CVE-2007-5038?
CVE-2007-5038 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5038?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.