Red Hat Bugzilla – Bug 741400
CVE-2011-3755 mantis: installation path disclosure via a direct request to a .php file
Last modified: 2013-03-15 00:23:21 EDT
Common Vulnerabilities and Exposures assigned the identifier CVE-2011-3755 to
the following vulnerability:
MantisBT 1.2.4 allows remote attackers to obtain sensitive information
via a direct request to a .php file, which reveals the installation
path in an error message, as demonstrated by view_all_inc.php and
certain other files.
Created mantis tracking bugs for this issue
Affects: fedora-all [bug 741402]
Affects: epel-5 [bug 741403]
EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned. As a result I'm closing this bug as this issue is fixed in Fedora. The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed.
Fedora has 1.2.12 which is fixed.
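A defender-side check for the disclosure described in the CVE text above, as an added example that is not part of the original bug report or of MantisBT: it scans HTTP response bodies for PHP's standard error layout and extracts any absolute filesystem path they leak. The response bodies, the path /srv/www/example, the URL /index.php and all function names are constructed for illustration.

```python
import html
import re

_TAG = re.compile(r"<[^>]+>")
# PHP's standard error layout: "<level>: <message> in <file> on line <n>".
# Only absolute Unix or Windows paths count; paths with spaces are not matched.
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)\s*:\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?)"
    r"\s+on line\s+(?P<line>\d+)"
)


def find_path_disclosures(body):
    """Return (level, path, line) for each PHP error in body that leaks a path."""
    # html_errors wraps parts of the message in <b> tags, so strip markup first.
    text = html.unescape(_TAG.sub("", body))
    return [(m.group("level"), m.group("path"), int(m.group("line")))
            for m in _PHP_ERROR.finditer(text)]


def audit(responses):
    """Map each requested URL path to the disclosures found in its body."""
    report = {}
    for url_path, body in responses.items():
        hits = find_path_disclosures(body)
        if hits:
            report[url_path] = hits
    return report


# Constructed sample responses (not captured from a real MantisBT install).
SAMPLE_RESPONSES = {
    "/view_all_inc.php": (
        "<br />\n<b>Fatal error</b>:  Call to undefined function "
        "example_helper() in <b>/srv/www/example/view_all_inc.php</b> "
        "on line <b>12</b><br />\n"
    ),
    "/index.php": (
        "<html><body>Warning: your session will expire in 5 minutes"
        "</body></html>"
    ),
}

if __name__ == "__main__":
    for url_path, hits in audit(SAMPLE_RESPONSES).items():
        for level, path, line in hits:
            print(f"{url_path}: {level} leaks {path} (line {line})")
```

Independently of the application fix, setting display_errors to Off in php.ini on production hosts keeps such messages out of responses.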