CVE-2003-0013 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJan 17

Latest updateApr 29

Description

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla9 versions+8

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-q9qc-9wgg-p28f: The default↗2022-04-29

▶

CVEList

CVE-2003-0013: The default↗2004-09-01

▶