2.1 CVE-2011-2977

Patch
 

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.
https://nvd.nist.gov/vuln/detail/CVE-2011-2977

Categories

CWE-NVD-Other

References


 

CPE

cpe start end
Configuration 1
   cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*
   cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*


REMEDIATION


Patch

Url
https://bugzilla.mozilla.org/show_bug.cgi?id=660502


EXPLOITS


Exploit-db.com

id description date
No known exploits

Other (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry


MITRE