Incredibly Easy to Exploit
“The implications of this vulnerability are severe,” PerimeterX’s security researcher Netanel Rubin wrote in a blog post. “It could allow an attacker to access undisclosed security vulnerabilities in hundreds of products… Imagine the hundreds or thousands of zero-days and other security vulnerabilities that could potentially be exposed.”
Rubin said the flaw was tested on Mozilla’s Bugzilla.mozilla.org, and that all Perl-based Bugzilla versions, including 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0, were found to be vulnerable at the time of the report.
It’s not clear whether the Bugzilla vulnerability has been used by malicious hackers to gain access to more unpatched vulnerabilities.