Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
2001-09-10T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:N/I:N/A:P
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | bugzilla | 2.4 | Yes |
| Application | mozilla | bugzilla | 2.6 | Yes |
| Application | mozilla | bugzilla | 2.8 | Yes |
| Application | mozilla | bugzilla | 2.10 | Yes |
| Application | mozilla | bugzilla | 2.12 | Yes |
| Application | mozilla | bugzilla | 2.14 | Yes |