QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4499

Published: Sep 14, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2015-15768

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_SECTRACK

20150910 Security Advisory for Bugzilla 5.0, 4.4.9, and 4.2.14

mailing-list

x_refsource_BUGTRAQ

https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861

x_refsource_MISC

20150910 Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/133578/Bugzilla-Unauthorized-Account-Creation.html

x_refsource_MISC

FEDORA-2015-15769

vendor-advisory

x_refsource_FEDORA

FEDORA-2015-15767

vendor-advisory

x_refsource_FEDORA

https://bugzilla.mozilla.org/show_bug.cgi?id=1202447

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.