Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2002-0809

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

  • Published: Aug 12, 2002
  • Updated: Apr 13, 2023
  • CVE: CVE-2002-0809
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / bugzilla 2.16-rc1 2.16-rc1.x
mozilla / bugzilla 2.16 2.16.x
mozilla / bugzilla 2.14.1 2.14.1.x
mozilla / bugzilla 2.14 2.14.x