CVE Vulnerabilities

CVE-2012-0465

Published: Apr 27, 2012 | Modified: Aug 14, 2012
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header.

Affected Software

Name      Vendor   Start Version  End Version
Bugzilla  Mozilla  4.1.1          4.1.1
Bugzilla  Mozilla  3.7.2          3.7.2
Bugzilla  Mozilla  4.2            4.2
Bugzilla  Mozilla  4.2            4.2
Bugzilla  Mozilla  3.6.1          3.6.1
Bugzilla  Mozilla  3.7.1          3.7.1
Bugzilla  Mozilla  3.6.0          3.6.0
Bugzilla  Mozilla  3.5.3          3.5.3
Bugzilla  Mozilla  3.6.3          3.6.3
Bugzilla  Mozilla  4.0.1          4.0.1
Bugzilla  Mozilla  3.6.4          3.6.4
Bugzilla  Mozilla  3.6.8          3.6.8
Bugzilla  Mozilla  4.0.2          4.0.2
Bugzilla  Mozilla  3.5.2          3.5.2
Bugzilla  Mozilla  3.5.1          3.5.1
Bugzilla  Mozilla  4.2            4.2
Bugzilla  Mozilla  4.0.5          4.0.5
Bugzilla  Mozilla  4.1.2          4.1.2
Bugzilla  Mozilla  3.6.7          3.6.7
Bugzilla  Mozilla  3.7.3          3.7.3
Bugzilla  Mozilla  3.6.6          3.6.6
Bugzilla  Mozilla  4.0.3          4.0.3
Bugzilla  Mozilla  4.0.4          4.0.4
Bugzilla  Mozilla  3.6.5          3.6.5
Bugzilla  Mozilla  4.1.3          4.1.3
Bugzilla  Mozilla  3.6.2          3.6.2
