CVE-2012-0440

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0440
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

5.1 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/47814
http://www.bugzilla.org/security/3.4.13/ Vendor Advisory
http://www.securitytracker.com/id?1026623
https://bugzilla.mozilla.org/show_bug.cgi?id=718319 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/72882
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:bugzilla:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.6.7:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:mozilla:bugzilla:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.5.3:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*
History

No history.

Information

Published : 2012-02-02 18:55

Updated : 2017-08-29 01:30

NVD link : CVE-2012-0440

Mitre link : CVE-2012-0440

CVE.ORG link : CVE-2012-0440

JSON object : View

Products Affected

mozilla

  • bugzilla
CWE
CWE-352

Cross-Site Request Forgery (CSRF)