CVE-2007-0792 — Mozilla Bugzilla vulnerability
3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 23.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 6
Latest updateMay 1
Description
The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4