CVE-2007-5038 - OpenCVE

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Bugzilla

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:bugzilla:3.0.0:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.0.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.1.0:::::::*
	cpe:2.3:a:mozilla:bugzilla:3.1.1:::::::*

No data.

References

Link	Providers
http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://secunia.com/advisories/26848
http://secunia.com/advisories/26969
http://www.bugzilla.org/security/3.0.1/
http://www.securityfocus.com/archive/1/480077/100/0/threaded
http://www.securityfocus.com/bid/25725
http://www.securitytracker.com/id?1018719
http://www.vupen.com/english/advisories/2007/3200
https://bugzilla.mozilla.org/show_bug.cgi?id=395632
https://bugzilla.redhat.com/show_bug.cgi?id=299981
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-24T00:00:00

Updated: 2024-08-07T15:17:28.103Z

Reserved: 2007-09-23T00:00:00

Link: CVE-2007-5038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-09-24T00:17:00.000

Modified: 2018-10-15T21:40:05.490

Link: CVE-2007-5038

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2007-2299", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/updates/FEDORA-2007-229.shtml"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=395632"}, {"name": "ADV-2007-3200", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3200"}, {"name": "20070919 Security Advisory for Bugzilla 3.0.1 and 3.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/480077/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299981"}, {"name": "26969", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26969"}, {"name": "1018719", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018719"}, {"name": "26848", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26848"}, {"name": "bugzilla-offeraccount-security-bypass(36692)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36692"}, {"name": "25725", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25725"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.bugzilla.org/security/3.0.1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2007-2299", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2007-229.shtml"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=395632", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=395632"}, {"name": "ADV-2007-3200", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3200"}, {"name": "20070919 Security Advisory for Bugzilla 3.0.1 and 3.1.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/480077/100/0/threaded"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=299981", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299981"}, {"name": "26969", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26969"}, {"name": "1018719", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018719"}, {"name": "26848", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26848"}, {"name": "bugzilla-offeraccount-security-bypass(36692)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36692"}, {"name": "25725", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25725"}, {"name": "http://www.bugzilla.org/security/3.0.1/", "refsource": "CONFIRM", "url": "http://www.bugzilla.org/security/3.0.1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:28.103Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2007-2299", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/updates/FEDORA-2007-229.shtml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=395632"}, {"name": "ADV-2007-3200", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3200"}, {"name": "20070919 Security Advisory for Bugzilla 3.0.1 and 3.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/480077/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299981"}, {"name": "26969", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26969"}, {"name": "1018719", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018719"}, {"name": "26848", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26848"}, {"name": "bugzilla-offeraccount-security-bypass(36692)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36692"}, {"name": "25725", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25725"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.bugzilla.org/security/3.0.1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5038", "datePublished": "2007-09-24T00:00:00", "dateReserved": "2007-09-23T00:00:00", "dateUpdated": "2024-08-07T15:17:28.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45C36666-518F-4956-816A-940930425955", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF2DF96F-E45E-45AF-85E5-E939F923EC1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "154EA18F-534C-4095-837D-BB9865D25F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "585F05F2-B294-4218-9209-C487B4D2994B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation."}, {"lang": "es", "value": "La funci\u00f3n offer_account_by_email en User.pm en el WebService para Bugzilla before 3.0.2, y 3.1.x anterior a 3.1.2, no valida el valor del par\u00e1metro createemailregexp, el cual permite a atacantes remotos evitar las restricciones previstas sobre la creaci\u00f3n de una cuenta."}], "id": "CVE-2007-5038", "lastModified": "2018-10-15T21:40:05.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-24T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://fedoranews.org/updates/FEDORA-2007-229.shtml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26848"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26969"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.bugzilla.org/security/3.0.1/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/480077/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25725"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018719"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3200"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=395632"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299981"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36692"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}