Executive Summary
Summary | |
---|---|
Title | New mantis packages fix several vulnerabilities |
Information | | | |
---|---|---|---|
Name | DSA-905 | First vendor publication | 2005-11-22 |
Vendor | Debian | Last vendor modification | 2005-11-22 |
Severity (vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
---|---|---|---|
CVSS Base Score | 7.5 | Attack Range | Network |
CVSS Impact Score | 6.4 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Several security-related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2005-3091: A cross-site scripting vulnerability allows attackers to inject arbitrary web script or HTML.
- CVE-2005-3335: A file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files.
- CVE-2005-3336: An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.
- CVE-2005-3338: Mantis can be tricked into displaying the otherwise hidden real mail address of its users.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in version 0.19.2-4.1.

For the unstable distribution (sid) these problems have been fixed in version 0.19.3-0.1.

We recommend that you upgrade your mantis package.
Original Source
Url : http://www.debian.org/security/2005/dsa-905
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-193 | PHP Remote File Inclusion |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Name | File |
---|---|---|
2008-09-24 | Gentoo Security Advisory GLSA 200510-24 (Mantis) | nvt/glsa_200510_24.nasl |
2008-09-04 | FreeBSD Ports: mantis | nvt/freebsd_mantis.nasl |
2008-01-17 | Debian Security Advisory DSA 905-1 (mantis) | nvt/deb_905_1.nasl |
2006-03-26 | Mantis File Inclusion and SQL Injection Flaws | nvt/mantis_file_incl_sql_inject.nasl |
2006-03-26 | Mantis Multiple Flaws (4) | nvt/mantis_multiple_vulns4.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
20324 | Mantis Unspecified SQL Injection Mantis contains a flaw that may allow a remote attacker to carry out an SQL injection attack. No further details have been provided. |
20323 | Mantis User ID Cache Weakness |
20320 | Mantis Reminder Feature Email Address Disclosure |
20319 | Mantis bug_sponsorship_list_view_inc.php t_core_path Parameter Remote File In... |
18900 | Mantis bug_actiongroup_page.php Bug Report Deletion XSS |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2006-10-14 | The remote Debian host is missing a security-related update. | debian_DSA-905.nasl | ACT_GATHER_INFO |
2006-05-13 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_82a410846ce711dab90c000e0c2e438a.nasl | ACT_GATHER_INFO |
2005-11-02 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200510-24.nasl | ACT_GATHER_INFO |
2005-10-27 | The remote web server contains a PHP application that is affected by multiple... | mantis_file_incl_sql_inject.nasl | ACT_GATHER_INFO |
2005-08-23 | The remote Debian host is missing a security-related update. | debian_DSA-778.nasl | ACT_GATHER_INFO |
2005-08-22 | The remote web server contains a PHP application that is affected by several ... | mantis_multiple_vulns4.nasl | ACT_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:34:41 | |