CVE-2007-5038
CVE-2007-5038
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://fedoranews.org/updates/FEDORA-2007-229.shtmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=395632https://bugzilla.redhat.com/show_bug.cgi?id=299981http://secunia.com/advisories/26848http://secunia.com/advisories/26969https://exchange.xforce.ibmcloud.com/vulnerabilities/36692http://www.bugzilla.org/security/3.0.1/http://www.securityfocus.com/archive/1/480077/100/0/threadedhttp://www.securityfocus.com/bid/25725http://www.securitytracker.com/id?1018719http://www.vupen.com/english/advisories/2007/3200