CVE-2010-2758 Information
Description
Bugzilla 2.17.1 through 3.2.7 3.3.1 through 3.4.7 3.5.1 through 3.6.1 and 3.7 through 3.7.2 generates different error messages depending on whether a product exists which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7/ http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/2205 https://bugzilla.mozilla.org/show_bug.cgi?id=519835 https://bugzilla.mozilla.org/show_bug.cgi?id=577139 https://bugzilla.redhat.com/show_bug.cgi?id=623423
Share on: