By Kunal Vohra, Director@H2K
A critical vulnerability in the popular web-based bug tracking tool "Bugzilla" allows hackers to view the details of any undisclosed vulnerabilities.
Bugzilla is an open source bug tracking program developed by Mozilla and used by many large organizations, including Red Hat, the Linux kernel, GNOME and Apache.
Vulnerability researchers at Check Point Software Technologies reported to Mozilla a bug that allows anyone to register with an email address of the targeted domain (for example, admin@mozilla.com) and bypass email validation.
The researchers exploited the vulnerability and managed to create administrator accounts for Mozilla.org, Mozilla.com and Bugzilla.org.
Gervase Markham from Mozilla wrote a detailed technical post. The attack method appears to be the "HTTP Parameter Pollution (HPP)" technique.