CVE-2001-1405

Description

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.

Affected products

• Mozilla / Bugzilla2.4 – 2.4
• Mozilla / Bugzilla2.6 – 2.6
• Mozilla / Bugzilla2.8 – 2.8
• Mozilla / Bugzilla2.10 – 2.10
• Mozilla / Bugzilla2.12 – 2.12
• Mozilla / Bugzilla2.14 – 2.14

References

• MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=54556
• MAILING_LISThttp://marc.info/?l=bugtraq&m=99912899900567
• MISChttp://www.redhat.com/support/errata/RHSA-2001-107.html