CVE-2009-3989 Information

Description

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Reference

http://secunia.com/advisories/38443
http://www.securityfocus.com/archive/1/509282/100/0/threaded
http://www.securityfocus.com/bid/38025
http://www.vupen.com/english/advisories/2010/0261
https://bugzilla.mozilla.org/show_bug.cgi?id=314871
https://bugzilla.mozilla.org/show_bug.cgi?id=434801
https://exchange.xforce.ibmcloud.com/vulnerabilities/56003
