Bug 731777 (CVE-2011-2938)

Summary: CVE-2011-2938 MantisBT <1.2.7 search.php multiple XSS vulnerabilities
Product: [Other] Security Response
Reporter: David Hicks <d>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: jrusnack, vdanen
Keywords: Security
Hardware: All
OS: All
URL: http://www.mantisbt.org/bugs/view.php?id=13245
Fixed In Version: mantis 1.2.7
Doc Type: Bug Fix
Last Closed: 2013-03-15 04:24:06 UTC
Bug Depends On: 731854, 800667

Description David Hicks 2011-08-18 15:39:09 UTC
Original vulnerability report by Net.Edit0r (Net.Edit0r) from BlACK Hat
Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149

MantisBT bug report for full details of the issue:
http://www.mantisbt.org/bugs/view.php?id=13245

Please note that the second SQL injection vulnerability identified by
Net.Edit0r is not reproducible (refer to the MantisBT bug report above for
reasons why).

A patch for 1.2.6 is available at:
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b

MantisBT 1.2.7 is currently being packaged and will be available shortly
through usual channels.

A CVE request and notice have been sent to oss-security.com.

Comment 1 Vincent Danen 2011-08-18 19:54:37 UTC
Thanks so much for the report, David!

Comment 2 Vincent Danen 2011-08-18 19:57:10 UTC
Created mantis tracking bugs for this issue

Affects: fedora-all [bug 731854]
Affects: epel-5 [bug 731855]

Comment 3 Vincent Danen 2011-08-19 20:45:09 UTC
This was assigned the name CVE-2011-2938.

Comment 4 Vincent Danen 2012-08-10 18:59:40 UTC
Currently supported versions of Fedora have 1.2.8, which corrects this flaw.  EPEL's 1.1.8 may still be affected.

Comment 5 Vincent Danen 2013-03-15 04:24:06 UTC
EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned.  As a result I'm closing this bug as this issue is fixed in Fedora.  The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed.