CVE-2002-0809

Published: Aug 12, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Affected (4)

Products: Mozilla: Bugzilla

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.14.1
Mozilla Bugzilla	Version 2.14
Mozilla Bugzilla	Version 2.16
Mozilla Bugzilla	Version 2.16 rc1

References (10)

http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

Source: cve@mitre.org

PatchVendor Advisory

http://bugzilla.mozilla.org/show_bug.cgi?id=148674

Source: cve@mitre.org

http://www.iss.net/security_center/static/10141.php

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2002-109.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/4964

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://bugzilla.mozilla.org/show_bug.cgi?id=148674

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/10141.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2002-109.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/4964

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.