CVE-2007-0792

Published: Feb 6, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

Affected (1)

Products: Mozilla: Bugzilla

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.23.3

References (16)

http://osvdb.org/35862

Source: cve@mitre.org

http://securityreason.com/securityalert/2222

Source: cve@mitre.org

http://securitytracker.com/id?1017585

Source: cve@mitre.org

http://www.bugzilla.org/security/2.20.3/

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/459025/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/22380

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0477

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/32252

Source: cve@mitre.org

http://osvdb.org/35862

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/2222

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017585

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.bugzilla.org/security/2.20.3/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/459025/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22380

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0477

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/32252

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.