Back to search
CVE-2013-0786
Published: Feb 24, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2013:066
vendor-advisory
x_refsource_MANDRIVA
https://bugzilla.mozilla.org/show_bug.cgi?id=824399
x_refsource_CONFIRM
http://www.bugzilla.org/security/3.6.12/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now