CVE-2001-0329

Description

Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.

Affected Software
References

Software	From	Fixed in
mozilla / bugzilla	2.10	2.10.x
mozilla / bugzilla	2.4	2.4.x
mozilla / bugzilla	2.6	2.6.x
mozilla / bugzilla	2.8	2.8.x

http://www.atstake.com/research/advisories/2001/a043001-1.txt
http://www.mozilla.org/projects/bugzilla/security2_12.html
http://www.securityfocus.com/bid/1199

Severity: High

CVE: CVE-2001-0329
Published: Jun 27, 2001
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2001-0329

Description

Details

CVSS v2