Vulnerability Description
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.2 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.htm
- http://secunia.com/advisories/40892
- http://secunia.com/advisories/41128
- http://www.bugzilla.org/security/3.2.7/
- http://www.securityfocus.com/bid/42275
- http://www.vupen.com/english/advisories/2010/2035Vendor Advisory
- http://www.vupen.com/english/advisories/2010/2205
- https://bugzilla.mozilla.org/show_bug.cgi?id=519835
- https://bugzilla.mozilla.org/show_bug.cgi?id=577139
- https://bugzilla.redhat.com/show_bug.cgi?id=623423
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.htm
FAQ
What is CVE-2010-2758?
CVE-2010-2758 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remot...
How severe is CVE-2010-2758?
CVE-2010-2758 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2758?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.