What is the severity of CVE-2010-2758?

CVE-2010-2758 is considered a moderate vulnerability due to its potential to aid attackers in guessing product names.

How do I fix CVE-2010-2758?

To mitigate CVE-2010-2758, upgrade to a version of Bugzilla that is not affected, specifically newer than 3.6.1.

What products are affected by CVE-2010-2758?

CVE-2010-2758 affects Bugzilla versions from 2.17.1 to 3.6.1 and includes specific versions leading up to 3.7.2.

Which Bugzilla versions should be upgraded to avoid CVE-2010-2758?

You should upgrade to Bugzilla version 3.7.3 or later to avoid CVE-2010-2758.

What type of attacks does CVE-2010-2758 facilitate?

CVE-2010-2758 facilitates enumeration attacks, allowing remote attackers to discover product names.

Vulnerability/
CVE-2010-2758

medium

CWE

200

16/8/2010

8/9/2010

CVE-2010-2758: Infoleak

First published: Mon Aug 16 2010(Updated: )

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Bugzilla	=3.0.4
Mozilla Bugzilla	=3.0-rc1
Mozilla Bugzilla	=3.1.3
Mozilla Bugzilla	=2.18.6\+
Mozilla Bugzilla	=3.0.0
Mozilla Bugzilla	=2.22.7
Mozilla Bugzilla	=3.7.2
Mozilla Bugzilla	=3.4.3
Mozilla Bugzilla	=3.3.2
Mozilla Bugzilla	=3.0.1
Mozilla Bugzilla	=2.18.8
Mozilla Bugzilla	=2.17.6
Mozilla Bugzilla	=2.18.5
Mozilla Bugzilla	=2.19.3
Mozilla Bugzilla	=2.20-rc2
Mozilla Bugzilla	=2.18.6
Mozilla Bugzilla	=2.17.2
Mozilla Bugzilla	=2.20-rc1
Mozilla Bugzilla	=2.20
Mozilla Bugzilla	=2.19
Mozilla Bugzilla	=2.18-rc1
Mozilla Bugzilla	=3.6.1
Mozilla Bugzilla	=3.2.6
Mozilla Bugzilla	=3.1.1
Mozilla Bugzilla	=3.7.1
Mozilla Bugzilla	=3.7
Mozilla Bugzilla	=3.4.2
Mozilla Bugzilla	=3.1.2
Mozilla Bugzilla	=3.5.3
Mozilla Bugzilla	=3.2.5
Mozilla Bugzilla	=3.3.4
Mozilla Bugzilla	=2.20.5
Mozilla Bugzilla	=2.20.6
Mozilla Bugzilla	=2.22.3
Mozilla Bugzilla	=3.6
Mozilla Bugzilla	=2.22.6
Mozilla Bugzilla	=2.17.4
Mozilla Bugzilla	=2.23.2
Mozilla Bugzilla	=2.21.2
Mozilla Bugzilla	=2.17.1
Mozilla Bugzilla	=3.2.3
Mozilla Bugzilla	=2.22.1
Mozilla Bugzilla	=2.23.4
Mozilla Bugzilla	=3.5.2
Mozilla Bugzilla	=3.0
Mozilla Bugzilla	=3.5.1
Mozilla Bugzilla	=3.0.11
Mozilla Bugzilla	=3.0.6
Mozilla Bugzilla	=2.20.1
Mozilla Bugzilla	=2.23.3
Mozilla Bugzilla	=3.0.7
Mozilla Bugzilla	=2.18.7
Mozilla Bugzilla	=2.23.1
Mozilla Bugzilla	=2.18.1
Mozilla Bugzilla	=2.22-rc1
Mozilla Bugzilla	=2.22.5
Mozilla Bugzilla	=3.4.1
Mozilla Bugzilla	=3.4.4
Mozilla Bugzilla	=2.19.1
Mozilla Bugzilla	=2.6
Mozilla Bugzilla	=3.4.7
Mozilla Bugzilla	=2.17.5
Mozilla Bugzilla	=2.22
Mozilla Bugzilla	=3.1.0
Mozilla Bugzilla	=2.17.3
Mozilla Bugzilla	=2.4
Mozilla Bugzilla	=3.0.3
Mozilla Bugzilla	=3.2
Mozilla Bugzilla	=2.20.3
Mozilla Bugzilla	=3.0.9
Mozilla Bugzilla	=2.8
Mozilla Bugzilla	=3.2.4
Mozilla Bugzilla	=2.2
Mozilla Bugzilla	=3.0.2
Mozilla Bugzilla	=3.3.3
Mozilla Bugzilla	=2.18.4
Mozilla Bugzilla	=3.2.2
Mozilla Bugzilla	=2.18.9
Mozilla Bugzilla	=2.18
Mozilla Bugzilla	=2.18.3
Mozilla Bugzilla	=2.17.7
Mozilla Bugzilla	=3.0.10
Mozilla Bugzilla	=2.20.7
Mozilla Bugzilla	=3.0.8
Mozilla Bugzilla	=2.20.2
Mozilla Bugzilla	=2.20.4
Mozilla Bugzilla	=2.21.1
Mozilla Bugzilla	=2.18-rc3
Mozilla Bugzilla	=2.23
Mozilla Bugzilla	=3.2.7
Mozilla Bugzilla	=2.9
Mozilla Bugzilla	=2.18.2
Mozilla Bugzilla	=2.18-rc2
Mozilla Bugzilla	=3.4.5
Mozilla Bugzilla	=3.0.5
Mozilla Bugzilla	=2.22.4
Mozilla Bugzilla	=2.21
Mozilla Bugzilla	=3.3.1
Mozilla Bugzilla	=3.4.6
Mozilla Bugzilla	=2.19.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2758?
CVE-2010-2758 is considered a moderate vulnerability due to its potential to aid attackers in guessing product names.
How do I fix CVE-2010-2758?
To mitigate CVE-2010-2758, upgrade to a version of Bugzilla that is not affected, specifically newer than 3.6.1.
What products are affected by CVE-2010-2758?
CVE-2010-2758 affects Bugzilla versions from 2.17.1 to 3.6.1 and includes specific versions leading up to 3.7.2.
Which Bugzilla versions should be upgraded to avoid CVE-2010-2758?
You should upgrade to Bugzilla version 3.7.3 or later to avoid CVE-2010-2758.
What type of attacks does CVE-2010-2758 facilitate?
CVE-2010-2758 facilitates enumeration attacks, allowing remote attackers to discover product names.

collector/nvd-historical
collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/mozilla
canonical/mozilla bugzilla
version/mozilla bugzilla/3.0.4
version/mozilla bugzilla/3.0-rc1
version/mozilla bugzilla/3.1.3
version/mozilla bugzilla/2.18.6\+
version/mozilla bugzilla/3.0.0
version/mozilla bugzilla/2.22.7
version/mozilla bugzilla/3.7.2
version/mozilla bugzilla/3.4.3
version/mozilla bugzilla/3.3.2
version/mozilla bugzilla/3.0.1
version/mozilla bugzilla/2.18.8
version/mozilla bugzilla/2.17.6
version/mozilla bugzilla/2.18.5
version/mozilla bugzilla/2.19.3
version/mozilla bugzilla/2.20-rc2
version/mozilla bugzilla/2.18.6
version/mozilla bugzilla/2.17.2
version/mozilla bugzilla/2.20-rc1
version/mozilla bugzilla/2.20
version/mozilla bugzilla/2.19
version/mozilla bugzilla/2.18-rc1
version/mozilla bugzilla/3.6.1
version/mozilla bugzilla/3.2.6
version/mozilla bugzilla/3.1.1
version/mozilla bugzilla/3.7.1
version/mozilla bugzilla/3.7
version/mozilla bugzilla/3.4.2
version/mozilla bugzilla/3.1.2
version/mozilla bugzilla/3.5.3
version/mozilla bugzilla/3.2.5
version/mozilla bugzilla/3.3.4
version/mozilla bugzilla/2.20.5
version/mozilla bugzilla/2.20.6
version/mozilla bugzilla/2.22.3
version/mozilla bugzilla/3.6
version/mozilla bugzilla/2.22.6
version/mozilla bugzilla/2.17.4
version/mozilla bugzilla/2.23.2
version/mozilla bugzilla/2.21.2
version/mozilla bugzilla/2.17.1
version/mozilla bugzilla/3.2.3
version/mozilla bugzilla/2.22.1
version/mozilla bugzilla/2.23.4
version/mozilla bugzilla/3.5.2
version/mozilla bugzilla/3.0
version/mozilla bugzilla/3.5.1
version/mozilla bugzilla/3.0.11
version/mozilla bugzilla/3.0.6
version/mozilla bugzilla/2.20.1
version/mozilla bugzilla/2.23.3
version/mozilla bugzilla/3.0.7
version/mozilla bugzilla/2.18.7
version/mozilla bugzilla/2.23.1
version/mozilla bugzilla/2.18.1
version/mozilla bugzilla/2.22-rc1
version/mozilla bugzilla/2.22.5
version/mozilla bugzilla/3.4.1
version/mozilla bugzilla/3.4.4
version/mozilla bugzilla/2.19.1
version/mozilla bugzilla/2.6
version/mozilla bugzilla/3.4.7
version/mozilla bugzilla/2.17.5
version/mozilla bugzilla/2.22
version/mozilla bugzilla/3.1.0
version/mozilla bugzilla/2.17.3
version/mozilla bugzilla/2.4
version/mozilla bugzilla/3.0.3
version/mozilla bugzilla/3.2
version/mozilla bugzilla/2.20.3
version/mozilla bugzilla/3.0.9
version/mozilla bugzilla/2.8
version/mozilla bugzilla/3.2.4
version/mozilla bugzilla/2.2
version/mozilla bugzilla/3.0.2
version/mozilla bugzilla/3.3.3
version/mozilla bugzilla/2.18.4
version/mozilla bugzilla/3.2.2
version/mozilla bugzilla/2.18.9
version/mozilla bugzilla/2.18
version/mozilla bugzilla/2.18.3
version/mozilla bugzilla/2.17.7
version/mozilla bugzilla/3.0.10
version/mozilla bugzilla/2.20.7
version/mozilla bugzilla/3.0.8
version/mozilla bugzilla/2.20.2
version/mozilla bugzilla/2.20.4
version/mozilla bugzilla/2.21.1
version/mozilla bugzilla/2.18-rc3
version/mozilla bugzilla/2.23
version/mozilla bugzilla/3.2.7
version/mozilla bugzilla/2.9
version/mozilla bugzilla/2.18.2
version/mozilla bugzilla/2.18-rc2
version/mozilla bugzilla/3.4.5
version/mozilla bugzilla/3.0.5
version/mozilla bugzilla/2.22.4
version/mozilla bugzilla/2.21
version/mozilla bugzilla/3.3.1
version/mozilla bugzilla/3.4.6
version/mozilla bugzilla/2.19.2