Path Disclosure Vulnerability in Mozilla CVS Query Tool
CVE-2003-0153

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bonsai
Vendor: CVE Published:; 2 April 2003

What is CVE-2003-0153?

The Bonsai tool by Mozilla is vulnerable to path disclosure due to improper error handling in specific CGI scripts, including cvslog.cgi, cvsview2.cgi, and multidiff.cgi. When errors occur, the tool unintentionally reveals the absolute pathname of itself in the error message. This exposure can be leveraged by attackers to gain insights into the server's file structure, potentially aiding in further attacks.

References

http://marc.info/?l=bugtraq&m=102980129101054&w=2

mailing-listx_refsource_BUGTRAQ

http://bugzilla.mozilla.org/show_bug.cgi?id=187230

x_refsource_CONFIRM

http://www.debian.org/security/2003/dsa-265

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2003
Vulnerability Reserved
Mar 19, 2003