CVE-2009-3989

Bugzilla <3.0.11, <3.2.x, <3.4.x, <3.5.x - Info Disclosure

Title source: llm
STIX 2.1

Description

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56003
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0261
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38025
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509282/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38443

Scores

EPSS 0.0153
EPSS Percentile 71.9%

Details

CWE
CWE-264
Status published
Products (43)
mozilla/bugzilla 2.0
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.10
mozilla/bugzilla 2.12
mozilla/bugzilla 2.14
mozilla/bugzilla 2.14.1
mozilla/bugzilla 2.14.2
... and 33 more
Published Feb 03, 2010
Tracked Since Feb 18, 2026