CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0007

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile31.37th
PublishedJan 31, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bugzilla

<= 2.14.1

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=54901
πŸ”— http://rhn.redhat.com/errata/RHSA-2002-001.html
πŸ”— http://www.bugzilla.org/security2_14_1.html
πŸ”— http://www.securityfocus.com/bid/3792
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/7812
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=54901

Related Vulnerabilities

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...