|
|
Family: CGI abuses --> Category: infos
Mantis Multiple Flaws Vulnerability Scan
Vulnerability Scan Summary
Checks for the version of Mantis
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
several flaws.
Description :
According to its banner, the version of Mantis on the remote host
contains various flaws that may allow an atacker to execute arbitrary
commands, inject SQL commands, view bugs it should not see, and get a
list of projects that should be hidden.
See also :
http://archives.neohapsis.com/archives/bugtraq/2002-08/0176.html
http://archives.neohapsis.com/archives/bugtraq/2002-08/0177.html
http://archives.neohapsis.com/archives/bugtraq/2002-08/0184.html
http://archives.neohapsis.com/archives/bugtraq/2002-08/0186.html
http://archives.neohapsis.com/archives/bugtraq/2002-08/0187.html
http://archives.neohapsis.com/archives/bugtraq/2002-08/0253.html
http://archives.neohapsis.com/archives/bugtraq/2002-08/0255.html
Solution :
Upgrade to Mantis 0.17.5 or newer.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
