CVE-2009-3989

CVE-2009-3989 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Learn more about our Web Application Penetration Testing UK.