Bug 731777 (CVE-2011-2938)

Summary: CVE-2011-2938 MantisBT <1.2.7 search.php multiple XSS vulnerabilities
Product: [Other] Security Response
Component: vulnerability
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
Target Milestone: ---
Target Release: ---
Hardware: All
OS: All
URL: http://www.mantisbt.org/bugs/view.php?id=13245
Whiteboard: reported=20110818,public=20110818,source=researcher,impact=moderate,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/mantis=affected,epel-5/mantis=affected,cwe=CWE-79[auto]
Fixed In Version: mantis 1.2.7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-15 00:24:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 731854, 800667
Bug Blocks:
Reporter: David Hicks <d>
Assignee: Red Hat Product Security <security-response-team>
QA Contact:
Docs Contact:
CC: jrusnack, vdanen
Keywords: Security

Description David Hicks 2011-08-18 11:39:09 EDT
Original vulnerability report by Net.Edit0r (Net.Edit0r@Att.net) from BlACK Hat
Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149

MantisBT bug report for full details of the issue:
http://www.mantisbt.org/bugs/view.php?id=13245

Please note that the second SQL injection vulnerability identified by
Net.Edit0r is not reproducible (refer to the MantisBT bug report above for
reasons why).

A patch for 1.2.6 is available at:
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b

MantisBT 1.2.7 is currently being packaged and will be available shortly
through usual channels.

A CVE request and notice has been sent to oss-security@lists.openwall.com
Comment 1 Vincent Danen 2011-08-18 15:54:37 EDT
Thanks so much for the report, David!
Comment 2 Vincent Danen 2011-08-18 15:57:10 EDT
Created mantis tracking bugs for this issue

Affects: fedora-all [bug 731854]
Affects: epel-5 [bug 731855]
Comment 3 Vincent Danen 2011-08-19 16:45:09 EDT
This was assigned the name CVE-2011-2938.
Comment 4 Vincent Danen 2012-08-10 14:59:40 EDT
Currently supported versions of Fedora have 1.2.8, which corrects this flaw. EPEL's 1.1.8 may still be affected.
Comment 5 Vincent Danen 2013-03-15 00:24:06 EDT
EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned. As a result, I'm closing this bug as this issue is fixed in Fedora. The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed.