CVE-2012-0453

Published: Feb 25, 2012Modified: Apr 29, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.

Affected (8)

Products: Mozilla: Bugzilla

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 4.0.2
Mozilla Bugzilla	Version 4.0.3
Mozilla Bugzilla	Version 4.0.4

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 4.1.1
Mozilla Bugzilla	Version 4.1.2
Mozilla Bugzilla	Version 4.1.3
Mozilla Bugzilla	Version 4.2 rc1
Mozilla Bugzilla	Version 4.2 rc2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.bugzilla.org/security/4.0.4/

Source: cve@mitre.org

PatchVendor Advisory

http://www.securitytracker.com/id?1026737

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=725663

Source: cve@mitre.org

Patch

http://www.bugzilla.org/security/4.0.4/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securitytracker.com/id?1026737

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=725663

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.