Bug 731777 - (CVE-2011-2938) CVE-2011-2938 MantisBT <1.2.7 search.php multiple XSS vulnerabilities
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
medium Severity medium
Assigned To: Red Hat Product Security
http://www.mantisbt.org/bugs/view.php...
reported=20110818,public=20110818,sou...
: Security
Depends On: 731854 800667
Reported: 2011-08-18 11:39 EDT by David Hicks
Modified: 2016-11-08 11:23 EST
Fixed In Version: mantis 1.2.7
Doc Type: Bug Fix
Last Closed: 2013-03-15 00:24:06 EDT
Description David Hicks 2011-08-18 11:39:09 EDT
Original vulnerability report by Net.Edit0r (Net.Edit0r@Att.net) from BlACK Hat
Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149

MantisBT bug report for full details of the issue:
http://www.mantisbt.org/bugs/view.php?id=13245

Please note that the second SQL injection vulnerability identified by
Net.Edit0r is not reproducible (refer to the MantisBT bug report above for
reasons why).

A patch for 1.2.6 is available at:
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b

MantisBT 1.2.7 is currently being packaged and will be available shortly
through usual channels.

A CVE request and notice has been sent to oss-security@lists.openwall.com
Comment 1 Vincent Danen 2011-08-18 15:54:37 EDT
Thanks so much for the report, David!
Comment 2 Vincent Danen 2011-08-18 15:57:10 EDT
Created mantis tracking bugs for this issue

Affects: fedora-all [bug 731854]
Affects: epel-5 [bug 731855]
Comment 3 Vincent Danen 2011-08-19 16:45:09 EDT
This was assigned the name CVE-2011-2938.
Comment 4 Vincent Danen 2012-08-10 14:59:40 EDT
Currently supported versions of Fedora have 1.2.8, which corrects this flaw. EPEL's 1.1.8 may still be affected.
Comment 5 Vincent Danen 2013-03-15 00:24:06 EDT
EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned.  As a result I'm closing this bug as this issue is fixed in Fedora.  The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed.