CVE-2007-0792 in Bugzillainfo

Summary

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

02/06/2007

Disclosure

02/06/2007

Moderation

VulDB entry created

Entries

VDB-34852 (1)

CPE

ready

CWE

CWE-269 (Confirmed)

CVSS

7.3

EPSS

0.00962

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-0792
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0792
CVE Details	https://www.cvedetails.com/cve/CVE-2007-0792/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!