GEN:SID 1:2073
Message WEB-MISC globals.pl access
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Bugzilla.
Impact Disclosure of sensitive information.
Detailed Information The file globals.pl contains global variables used by Bugzilla
components. It is possible for this file to be read by a user via a web
browser.

Details such as the username and password of the administrator account
for the database are stored in this file.
Affected Systems Mozilla Bugzilla 2.4

Mozilla Bugzilla 2.6

Mozilla Bugzilla 2.8 for:
    Microsoft Windows 95, 98, NT 3.51 and NT 4.0

Mozilla Bugzilla 2.10
Attack Scenarios The attacker merely needs to make a direct request for the file via a
browser or other agent.
Ease of Attack Simple
Corrective Action Apply the appropriate patches from the vendor.

Ensure that the file globals.pl is not world readable.

Upgrade to the latest version of the software.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0330

Bugtraq:
http://www.securityfocus.com/bid/2671
Rule References bugtraq: 2671
cve: 2001-0330