CVE-2009-3989

Metadata

CVE-2009-3989
4.3
securityfocus.com, securityfocus.com, vupen.com, bugzilla.mozilla.org, bugzilla.mozilla.org, exchange.xforce.ibmcloud.com
2010-02-03
2017-08-17 06:10

Description

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Related Vulnerabilities

platform vulnerability
CVE-2009-3989