CVE-2011-2979

{"id": "CVE-2011-2979", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-08-09T19:55:01.683", "references": [{"url": "http://secunia.com/advisories/45501", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.bugzilla.org/security/3.4.11/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2011/dsa-2322", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/74298", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/74299", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/49042", "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=674497", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69166", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression."}, {"lang": "es", "value": "Bugzilla 4.1.x anteriores a 4.1.3 genera respuestas distintas a peticiones determinadas sobre la persona asignada (\"assignee\") dependiendo de si el nombre del grupo es v\u00e1lido, lo que permite a atacantes remotos determinar la existencia de nombres de grupos privados a trav\u00e9s de una b\u00fasqueda. NOTE: esta vulnerabilidad existe debido a una regresi\u00f3n de CVE-2010-2756."}], "lastModified": "2017-08-29T01:29:53.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CDC579-6967-4E5C-B716-B2BC04F6DBF2"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27783033-F558-427C-89A7-C3638C57F2A0"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91557C7-8C53-49C4-8BC5-7F86D4AA09B8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}