FKIE_CVE-2003-0013

Vulnerability from fkie_nvd - Published: 2003-01-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104154319200399&w=2
cve@mitre.orghttp://www.debian.org/security/2003/dsa-230Patch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/10970.php
cve@mitre.orghttp://www.osvdb.org/6351
cve@mitre.orghttp://www.securityfocus.com/bid/6501
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104154319200399&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-230Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10970.php
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/6351
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6501
Impacted products
Vendor Product Version
mozilla bugzilla 2.14
mozilla bugzilla 2.14.1
mozilla bugzilla 2.14.2
mozilla bugzilla 2.14.3
mozilla bugzilla 2.14.4
mozilla bugzilla 2.16
mozilla bugzilla 2.16.1
mozilla bugzilla 2.17
mozilla bugzilla 2.17.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1883A98C-E595-4F3C-87BF-A63393F9F561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD49E53A-5676-4FAC-A8A2-30FAC04C33D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1084AF8E-5269-4EFF-BBD2-C5A77945FCF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A4B035-B73E-48E9-BBB9-83219F5D2A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9452C271-2812-4775-8396-394C642EACFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F19219-3AFD-4D8E-B02B-BFCBD1BC7C36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2FC5C7-B218-4B87-9805-F90AC0E7A281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCDA64F-C49A-4F5B-B285-4079D8E3A499",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file."
    },
    {
      "lang": "es",
      "value": "Los scripts .htaccess por defecto en Bugzilla 2.14.x anteriores a 2.14.5, 2.16.x anteriores a 2.16.2, y 2.17.x anteriores a 2.17.3 no bloquean el acceso a copias de seguridad del fichero localconfig que son hechas por editores como vi y Emacs, lo que podr\u00eda permitir a atacantes remotos obtener una contrase\u00f1a de la base de datos accediendo directamente al fichero copia de seguridad."
    }
  ],
  "id": "CVE-2003-0013",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-01-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104154319200399\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2003/dsa-230"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/10970.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6351"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104154319200399\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2003/dsa-230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/10970.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6501"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.