FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5454

This CVE name corresponds to:

Entered Topic
2006-11-11 bugzilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-5454
Phase Assigned(20061023)

Description

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

References

Source Reference
BUGTRAQ 20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=346086
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=346564
CONFIRM http://www.bugzilla.org/security/2.18.5/
GENTOO GLSA-200611-04
BID 20538
VUPEN ADV-2006-4035
OSVDB 29546
OSVDB 29547
SECTRACK 1017064
SECUNIA 22790
SECUNIA 22409
SREASON 1760