TROYANOSYVIRUS
Voltar para CVEs

CVE-2007-5038

N/A

Descricao

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado9/24/2007
Ultima modificacao4/23/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

mozilla:bugzilla

Fraquezas (CWE)

CWE-264

Referencias

http://fedoranews.org/updates/FEDORA-2007-229.shtml(cve@mitre.org)
http://secunia.com/advisories/26848(cve@mitre.org)
http://secunia.com/advisories/26969(cve@mitre.org)
http://www.bugzilla.org/security/3.0.1/(cve@mitre.org)
http://www.securityfocus.com/archive/1/480077/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/25725(cve@mitre.org)
http://www.securitytracker.com/id?1018719(cve@mitre.org)
http://www.vupen.com/english/advisories/2007/3200(cve@mitre.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=395632(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=299981(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692(cve@mitre.org)
http://fedoranews.org/updates/FEDORA-2007-229.shtml(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26848(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26969(af854a3a-2127-422b-91ae-364da2661108)
http://www.bugzilla.org/security/3.0.1/(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/480077/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25725(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018719(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3200(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=395632(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=299981(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.