SNS Vulnerability

Bugzilla Multiple Cross Site Scripting and Request Forgery Vulnerabilities

Description

Multiple vulnerabilities have been identified in Bugzilla, which could be exploited by attackers to bypass security restrictions, disclose sensitive information or manipulate certain data.
The first issue is caused due to the application calling "srand()" at compile time, which could cause identical random strings to be generated when using mod_perl, allowing an attacker to bypass CSRF protections or gain knowledge of sensitive information.
The second vulnerability is caused by an error when processing uploaded HTML or JavaScript attachments, which could allow malicious users to conduct cross site scripting attacks.
The third issue is caused by an error when processing calls to "process_bug.cgi" while updating a bug, which could be exploited to conduct cross site request forgery attacks.
The fourth vulnerability is caused due to the application not validating certain requests when deleting saved searches, keywords, or unused flags, or when updating user preferences, which could be exploited to conduct cross site request forgery attacks.

Vulnerable Products

Vulnerable Software:
Bugzilla versions prior to 2.22.7Bugzilla versions prior to 3.0.7Bugzilla versions prior to 3.2.1Bugzilla versions prior to 3.3.2

Solution

Upgrade to Bugzilla version 2.22.7, 3.0.7, 3.2.1, or 3.3.2 : http://www.bugzilla.org/download/

CVE

CVE-2009-0486
CVE-2009-0485
CVE-2009-0484
CVE-2009-0483
CVE-2009-0482
CVE-2009-0481

References

http://www.bugzilla.org/security/3.0.7/
http://www.bugzilla.org/security/2.22.6/

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2009-02-03

Target Type

Server

Possible exploit

Local & Remote