Executive Summary
| Summary | |
|---|---|
| Title | New mantis packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-778 | First vendor Publication | 2005-08-19 |
| Vendor | Debian | Last vendor Modification | 2005-08-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2556 A remote attacker could insert arbitrary SQL code into SQL statements. CAN-2005-2557 A remote attacker was able to insert arbitrary HTML code bug reports, hence, cross site scripting. The old stable distribution (woody) does not seem to be affected by these problems. For the stable distribution (sarge) these problems have been fixed in version 0.19.2-4. For the unstable distribution (sid) these problems have been fixed in version 0.19.2-4. We recommend that you upgrade your mantis package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-778 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-16 (Mantis) File : nvt/glsa_200509_16.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 778-1 (mantis) File : nvt/deb_778_1.nasl |
| 2006-03-26 | Name : Mantis Multiple Flaws (4) File : nvt/mantis_multiple_vulns4.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 18903 | Mantis Unspecified SQL Injection |
| 18901 | Mantis view_all_set.php dir Parameter XSS |
| 18900 | Mantis bug_actiongroup_page.php Bug Report Deletion XSS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-905.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-16.nasl - Type : ACT_GATHER_INFO |
| 2005-08-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-778.nasl - Type : ACT_GATHER_INFO |
| 2005-08-22 | Name : The remote web server contains a PHP application that is affected by several ... File : mantis_multiple_vulns4.nasl - Type : ACT_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:14 |
|
