The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2024-08-08T01:36:25.397Z
Reserved: 2003-01-06T00:00:00
Link: CVE-2003-0013
Vulnrichment
No data.
NVD
Status : Modified
Published: 2003-01-17T05:00:00.000
Modified: 2024-11-20T23:43:44.017
Link: CVE-2003-0013
Redhat
No data.