Vulnerability CVE-2015-4499


Published: 2015-09-13   Modified: 2015-09-14

Description:
Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.

Vendor: Mozilla
Product: Bugzilla 
Version:
5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4
4.3.3
4.3.2
4.3.1
4.3
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.14
4.2.13
4.2.12
4.2.11
4.2.1
4.2
4.1.3
4.1.2
4.1.1
4.1
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.16
4.0.13
4.0.12
4.0.11
4.0.10
4.0.1
4.0
3.7.3
3.7.2
3.7.1
3.7
3.6.9
3.6.8
3.6.7
3.6.6
3.6.5
3.6.4
3.6.3
3.6.2
3.6.13
3.6.12
3.6.11
3.6.10
3.6.1
3.6.0
3.6
3.5.3
3.5.2
3.5.1
3.5
3.4.9
3.4.8
3.4.7
3.4.6
3.4.5
3.4.4
3.4.3
3.4.2
3.4.13
3.4.12
3.4.11
3.4.10
3.4.1
3.4
3.3.4
3.3.3
3.3.2
3.3.1
3.3
3.2.9
3.2.8
3.2.7
3.2.6
3.2.5
3.2.4
3.2.3
3.2.2
3.2.10
3.2.1
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168725.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169946.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169983.html
http://packetstormsecurity.com/files/133578/Bugzilla-Unauthorized-Account-Creation.html
http://seclists.org/bugtraq/2015/Sep/48
http://seclists.org/bugtraq/2015/Sep/49
http://www.securitytracker.com/id/1033542
https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861
https://bugzilla.mozilla.org/show_bug.cgi?id=1202447

Related CVE
CVE-2016-9574
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause...
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...
CVE-2018-12433
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different...
CVE-2018-5185
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5184
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5...

Copyright 2018, cxsecurity.com

 

Back to Top