CVE-2007-5038 Information

Description

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2 and 3.1.x before 3.1.2 does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Reference

http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://secunia.com/advisories/26848
http://secunia.com/advisories/26969
http://www.bugzilla.org/security/3.0.1/
http://www.securityfocus.com/archive/1/480077/100/0/threaded
http://www.securityfocus.com/bid/25725
http://www.securitytracker.com/id?1018719
http://www.vupen.com/english/advisories/2007/3200
https://bugzilla.mozilla.org/show_bug.cgi?id=395632
https://bugzilla.redhat.com/show_bug.cgi?id=299981
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692
