Candidate: CVE-2009-0486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0486
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the
srand function at startup time, which causes Apache children to have the
same seed and produce insufficiently random numbers for random tokens,
which allows remote attackers to bypass cross-site request forgery (CSRF)
protection mechanisms and conduct unauthorized activities as other users.
upstream_bugzilla: released (3.2.4.0-3)
dapper_bugzilla: ignored (reached end-of-life)
gutsy_bugzilla: needed (reached end-of-life)
hardy_bugzilla: ignored (reached end-of-life)
intrepid_bugzilla: needed (reached end-of-life)
jaunty_bugzilla: ignored (reached end-of-life)
karmic_bugzilla: not-affected (3.2.4.0-3)
lucid_bugzilla: not-affected (3.2.4.0-3)
maverick_bugzilla: not-affected (3.2.4.0-3)
natty_bugzilla: not-affected (3.2.4.0-3)
oneiric_bugzilla: not-affected (3.2.4.0-3)
devel_bugzilla: not-affected (3.2.4.0-3)