CVE-2005-3138

Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.

Published: Oct 5, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3138
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / bugzilla	2.19.3	2.19.3.x
mozilla / bugzilla	2.20-rc2	2.20-rc2.x
mozilla / bugzilla	2.20-rc1	2.20-rc1.x
mozilla / bugzilla	2.19	2.19.x
mozilla / bugzilla	2.18-rc1	2.18-rc1.x
mozilla / bugzilla	2.18.1	2.18.1.x
mozilla / bugzilla	2.19.1	2.19.1.x
mozilla / bugzilla	2.18.3	2.18.3.x
mozilla / bugzilla	2.18-rc3	2.18-rc3.x
mozilla / bugzilla	2.18.2	2.18.2.x
mozilla / bugzilla	2.18-rc2	2.18-rc2.x
mozilla / bugzilla	2.21	2.21.x
mozilla / bugzilla	2.19.2	2.19.2.x

http://marc.info/?l=bugtraq&m=112818466125484&w=2
http://secunia.com/advisories/17030/
http://www.bugzilla.org/security/2.18.4/
http://www.securityfocus.com/bid/14995
https://exchange.xforce.ibmcloud.com/vulnerabilities/22490

Vulnerability Database

290,206

CVE-2005-3138