CVE-2006-5454

Published: Oct 23, 2006Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

Affected (18)

Products: Mozilla: Bugzilla

1 product

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.18.1
Mozilla Bugzilla	Version 2.18.2
Mozilla Bugzilla	Version 2.18.3
Mozilla Bugzilla	Version 2.18.4
Mozilla Bugzilla	Version 2.18.5
Mozilla Bugzilla	Version 2.18
Mozilla Bugzilla	Version 2.18 rc1
Mozilla Bugzilla	Version 2.18 rc2
Mozilla Bugzilla	Version 2.18 rc3
Mozilla Bugzilla	Version 2.20.1
Mozilla Bugzilla	Version 2.20.2
Mozilla Bugzilla	Version 2.20
Mozilla Bugzilla	Version 2.20 rc1
Mozilla Bugzilla	Version 2.20 rc2
Mozilla Bugzilla	Version 2.22
Mozilla Bugzilla	Version 2.23.1
Mozilla Bugzilla	Version 2.23.2
Mozilla Bugzilla	Version 2.23

References (26)

http://secunia.com/advisories/22409

Source: cve@mitre.org

http://secunia.com/advisories/22790

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200611-04.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/1760

Source: cve@mitre.org

http://securitytracker.com/id?1017064

Source: cve@mitre.org

Patch

http://www.bugzilla.org/security/2.18.5/

Source: cve@mitre.org

http://www.osvdb.org/29546

Source: cve@mitre.org

http://www.osvdb.org/29547

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/448777/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/20538

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4035

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=346086

Source: cve@mitre.org

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=346564

Source: cve@mitre.org

Patch

http://secunia.com/advisories/22409

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22790

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200611-04.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/1760

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017064

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.bugzilla.org/security/2.18.5/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29546

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29547

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/448777/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20538

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/4035

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=346086

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=346564

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.