CVE-2004-0702

DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=108965446813639&w=2
http://www.securityfocus.com/bid/10698	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16673
http://marc.info/?l=bugtraq&m=108965446813639&w=2
http://www.securityfocus.com/bid/10698	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16673

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:bugzilla:2.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.8:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.10:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.12:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.7:::::::*

History

No history.

Information

Published : 2004-07-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0702

Mitre link : CVE-2004-0702

CVE.ORG link : CVE-2004-0702

JSON object : View

Products Affected

mozilla

bugzilla

CWE

NVD-CWE-Other

{"id": "CVE-2004-0702", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-07-27T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108965446813639&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10698", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16673", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=108965446813639&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/10698", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16673", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information."}, {"lang": "es", "value": "DBI de Bugzilla 2.17.1 a 2.17.7 muestra la contrase\u00f1a de la base de datos en un mensaje de error cuando el servidor SQL no est\u00e1 corriendo, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8112FF13-B4CE-4DC7-85B1-C69D975F162B"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86F5A3CA-E4A6-4E51-AC83-0C8F3E5E2C4E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E5E379-D475-42F3-B0DC-3D04C1D25566"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "893741D3-062B-45F9-B5A3-1B81058E7FD7"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D53B5F-6AEE-4192-B838-E1DA92C59285"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1883A98C-E595-4F3C-87BF-A63393F9F561"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD49E53A-5676-4FAC-A8A2-30FAC04C33D7"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1084AF8E-5269-4EFF-BBD2-C5A77945FCF2"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9A4B035-B73E-48E9-BBB9-83219F5D2A95"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9452C271-2812-4775-8396-394C642EACFD"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D351AF2-C0AB-4BB3-8692-677A3025A615"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F19219-3AFD-4D8E-B02B-BFCBD1BC7C36"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B900D9A7-913A-4176-90CF-C7C3B09A4261"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B692910E-633D-4A88-B245-56A2B58DD4CB"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F86EE5DB-442B-4C78-8152-AF1048C6A974"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19B82A1A-56EB-41D5-8619-2A717E3A6ECF"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B2FC5C7-B218-4B87-9805-F90AC0E7A281"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBCDA64F-C49A-4F5B-B285-4079D8E3A499"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85ED3457-CC21-4DB3-931F-677F723E1B2A"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C8711D3-55CF-4131-BBAC-6BE07068219F"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF54FFA5-5177-46E6-9AFA-BA3345C16E8A"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69D7EA7C-B401-4F5A-AC08-2199DD117403"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC2DDC7C-CD2B-4597-A5E0-266A884958FC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}