Bugzilla Sensitive Information Disclosure Vulnerability

Bugzilla is a web-based bug-tracking system based on Perl and MySQL.

Bugzilla ships with a a file called 'globals.pl', containing global variables and other information used by various Bugzilla components.

Because of its location and file extension, some webservers may dislose its contents to clients that explicit request it.

This can disclose sensitive information, such as the database login and password to a remote attacker.


 

Privacy Statement
Copyright 2010, SecurityFocus