CVE Vulnerabilities

CVE-2001-0329

Published: Jun 27, 2001 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.10 2.10
Bugzilla Mozilla 2.6 2.6
Bugzilla Mozilla 2.4 2.4
Bugzilla Mozilla 2.8 2.8

References