Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability

Bugtraq ID: 36373
Class: Input Validation Error
CVE: CVE-2009-3165
Remote: Yes
Local: No
Published: Sep 11 2009 12:00AM
Updated: May 07 2015 05:12PM
Credit: Max Kanat-Alexander
Vulnerable: Mozilla Bugzilla 3.4.1
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.3
Mozilla Bugzilla 3.2.2
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.1.4
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 3.1.2
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.1
Mozilla Bugzilla 3.0.8
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.9
Mozilla Bugzilla 2.8
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 3.5
Mozilla Bugzilla 3.4 rc1
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.2rc2
Mozilla Bugzilla 3.2rc1
Mozilla Bugzilla 3.2
Gentoo Linux
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Not Vulnerable: Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.0.9


 

Privacy Statement
Copyright 2010, SecurityFocus