CVE Vulnerability

CVE-2007-5038

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.bugzilla.org/security/3.0.1/ Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=395632 Exploit
http://secunia.com/advisories/26848 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=299981
http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://www.securityfocus.com/bid/25725
http://www.securitytracker.com/id?1018719
http://secunia.com/advisories/26969
http://www.vupen.com/english/advisories/2007/3200
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692
http://www.securityfocus.com/archive/1/480077/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.1.0:*:*:*:*:*:*:*
Information

Published : 2007-09-24 12:17

Updated : 2018-10-15 09:40

NVD link : CVE-2007-5038

Mitre link : CVE-2007-5038

Products Affected

Bugzilla

Mozilla

CWE
CWE-264