
mantis: multiple vulnerabilities

Package(s): mantis
CVE #(s): CVE-2013-0197 CVE-2013-1883
Created: April 1, 2013
Updated: April 3, 2013
Description: From the Red Hat bugzilla [1, 2]:

A denial of service flaw was found in the way MantisBT, a free popular web-based issue tracking system, performed processing of certain types of View Issues page search queries. A remote attacker could provide a specially-crafted query (filter combining some criteria and a text search with 'any condition') that, when processed by the MantisBT system, would lead to excessive system resources consumption (denial of service), possibly leading to complete MantisBT server instance unavailability. (CVE-2013-1883)

A persistent cross-site scripting (XSS) flaw was found in the way Mantis, a web-based issue tracking system, performed sanitization of the 'match_type' parameter. A remote attacker could provide a specially-crafted URL that, when processed by a Mantis instance, would lead to arbitrary web script or HTML execution. (CVE-2013-0197)

Alerts:
Fedora FEDORA-2013-4335 mantis 2013-04-01
Fedora FEDORA-2013-4319 mantis 2013-04-01



Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds