Vulnerability Details CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
- http://marc.info/?l=bugtraq&m=103349804226566&w=2
- http://www.debian.org/security/2002/dsa-173
- http://www.iss.net/security_center/static/10233.php
- http://www.securityfocus.com/bid/5843
- http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
- http://marc.info/?l=bugtraq&m=103349804226566&w=2
- http://www.debian.org/security/2002/dsa-173
- http://www.iss.net/security_center/static/10233.php
- http://www.securityfocus.com/bid/5843
Products affected by CVE-2002-1196
-
cpe:2.3:a:mozilla:bugzilla:2.14
-
cpe:2.3:a:mozilla:bugzilla:2.14.1
-
cpe:2.3:a:mozilla:bugzilla:2.14.2
-
cpe:2.3:a:mozilla:bugzilla:2.14.3
-
cpe:2.3:a:mozilla:bugzilla:2.16