Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Bugzilla URL口令信息泄露漏洞
Vulnerability Description
Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。 由于$cgi->query_string在不合适的情况下返回了POST变量,用户在重置口令后立即重新登录时,浏览器的URL中会泄露口令,这也意味着Bugzilla Webserver的日志中和登录后立即点击链接的页面Referer头中可能会出现口令。
CVSS Information
N/A
Vulnerability Type
N/A