Back to search
CVE-2003-0013
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
6351
vdb-entry
x_refsource_OSVDB
6501
vdb-entry
x_refsource_BID
bugzilla-htaccess-database-password(10970)
vdb-entry
x_refsource_XF
20030102 [BUGZILLA] Security Advisory - remote database password disclosure
mailing-list
x_refsource_BUGTRAQ
DSA-230
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now