CVE-2002-1196
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/10/2002
Last modified:
03/04/2025
Description
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
- http://marc.info/?l=bugtraq&m=103349804226566&w=2
- http://www.debian.org/security/2002/dsa-173
- http://www.iss.net/security_center/static/10233.php
- http://www.securityfocus.com/bid/5843