CVE-2009-0486
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
09/02/2009
Last modified:
25/03/2009
Description
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mozilla:bugzilla:3.0.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:mozilla:bugzilla:3.3.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page