Unrated severityNVD Advisory· Published Jan 31, 2002· Updated Jun 16, 2026
CVE-2002-0008
CVE-2002-0008
Description
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*range: <=2.14.1
- (no CPE)range: <2.14.1
Patches
Vulnerability mechanics
References
9- bugzilla.mozilla.org/show_bug.cginvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdVendor Advisory
- www.bugzilla.org/security2_14_1.htmlnvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2002-01/0034.htmlnvd
- rhn.redhat.com/errata/RHSA-2002-001.htmlnvd
- www.iss.net/security_center/static/7804.phpnvd
- www.iss.net/security_center/static/7805.phpnvd
- www.securityfocus.com/bid/3793nvd
- www.securityfocus.com/bid/3794nvd
News mentions
0No linked articles in our index yet.