Vulnerabilities

CVE-2009-3989

by Fred · 03/02/2010

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Date published : 2010-02-03

http://www.securityfocus.com/bid/38025

http://www.securityfocus.com/archive/1/509282/100/0/threaded

Similar

Tags: Cybersecurity Alert