A Bug in Bug Tracker called Bugzilla exposes Private Bugs

November 13th, 2014

A critical vulnerability in the popular web-based bug tracking tool “Bugzilla” allows hackers to view the details of any undisclosed vulnerabilities.

Bugzilla is an open source bug tracking program developed by Mozilla and used by many large organizations, including Red Hat, the Linux kernel, GNOME and Apache.

Vulnerability researchers at Check Point Software Technologies reported to Mozilla a bug that allows anyone to register with an email address at the targeted domain (for example, admin@mozilla.com) and bypass email validation.

The researchers exploited the vulnerability and managed to create administrator accounts for Mozilla.org, Mozilla.com and Bugzilla.org.

Source: http://www.ehackingnews.com/2014/10/http-parameter-pollution-bugzilla-vulnerability.html

 
