HTTP: Bugzilla Misconfiguration Information Disclosure
This signature detects attempts to exploit a known vulnerability against Bugzilla. Successful exploitation by navigating to the "data/webdot/" and "bzr/" directory paths allows attackers to obtain potentially sensitive information that can aid in other attacks.
Extended Description
Bugzilla is prone to an information-disclosure vulnerability. Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. This issue affects the following: Bugzilla 3.5.1 through 3.6.1 Bugzilla 3.7 through 3.7.1 NOTE: This vulnerability is related to the issue described in BID 41144 (Bugzilla 'localconfig' Information Disclosure Vulnerability)
Affected Products
Mozilla bugzilla
References
BugTraq: 41312
CVE: CVE-2010-2470
URL: https://bugzilla.mozilla.org/show_bug.cgi?id=576060 http://www.bugzilla.org
Short Name
HTTP:INFO-LEAK:BUGZILLA-DISC
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Bugzilla CVE-2010-2470 Disclosure Information Misconfiguration bid:41312
Release Date
07/29/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mozilla
CVSS Score
1.9