Vulnerability Description
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | <= 3.0.10 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/38443Vendor Advisory
- http://www.securityfocus.com/archive/1/509282/100/0/threaded
- http://www.securityfocus.com/bid/38025
- http://www.vupen.com/english/advisories/2010/0261PatchVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=314871Patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=434801Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56003
- http://secunia.com/advisories/38443Vendor Advisory
- http://www.securityfocus.com/archive/1/509282/100/0/threaded
- http://www.securityfocus.com/bid/38025
- http://www.vupen.com/english/advisories/2010/0261PatchVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=314871Patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=434801Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56003
FAQ
What is CVE-2009-3989?
CVE-2009-3989 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attacke...
How severe is CVE-2009-3989?
CVE-2009-3989 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3989?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.