CyberSec.Space Logo
返回 CVE 浏览器

CVE-2002-0007

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile31.37th
Published2002年1月31日
Last Modified2026年4月16日

Vulnerability Description

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Affected Platforms (CPE)

📦
Mozilla

Bugzilla

<= 2.14.1

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
🔗 http://bugzilla.mozilla.org/show_bug.cgi?id=54901
🔗 http://rhn.redhat.com/errata/RHSA-2002-001.html
🔗 http://www.bugzilla.org/security2_14_1.html
🔗 http://www.securityfocus.com/bid/3792
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/7812
🔗 http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
🔗 http://bugzilla.mozilla.org/show_bug.cgi?id=54901

相关漏洞威胁

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...