CGI.pl in Bugzilla prior to 2.14.1, when using LDAP, allows remote malicious users to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla |