CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2001-0329

Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.044

EPSS Ranking 88.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.atstake.com/research/advisories/2001/a043001-1.txt
http://www.mozilla.org/projects/bugzilla/security2_12.html
http://www.securityfocus.com/bid/1199
http://www.atstake.com/research/advisories/2001/a043001-1.txt
http://www.mozilla.org/projects/bugzilla/security2_12.html
http://www.securityfocus.com/bid/1199

Products affected by CVE-2001-0329

Mozilla » Bugzilla » Version: 2.10

cpe:2.3:a:mozilla:bugzilla:2.10
Mozilla » Bugzilla » Version: 2.4

cpe:2.3:a:mozilla:bugzilla:2.4
Mozilla » Bugzilla » Version: 2.6

cpe:2.3:a:mozilla:bugzilla:2.6
Mozilla » Bugzilla » Version: 2.8

cpe:2.3:a:mozilla:bugzilla:2.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2001-0329

Products

Pricing

Contact Us