Summary
This host is installed with MantisBT
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, access the installation script and obtain database access credentials and conduct SQL injection attacks.
Impact Level: Application
Solution
Upgrade to MantisBT version 1.2.19 or
1.3.0-beta.2 or later. For updates refer to
http://www.mantisbt.org/download.php
Insight
Multiple flaws are due to,
- Insufficient filtration of input data passed via the 'admin_username' and 'admin_password' HTTP GET parameters to '/install.php' script.
- Insufficient access restrictions to the installation script 'install.php' when HTTP GET 'install' parameter is set to '4'.
- Insufficient filtration of the 'MANTIS_MANAGE_USERS_COOKIE' HTTP COOKIE in '/manage_user_page.php' script.
Affected
MantisBT version before 1.2.19 and 1.3.x
before 1.3.0-beta.2
Detection
Get the installed version with
the help of detect NVT and check the version is vulnerable or not.
References
- http://seclists.org/oss-sec/2015/q1/156
- http://seclists.org/oss-sec/2015/q1/157
- http://seclists.org/oss-sec/2015/q1/158
- http://xforce.iss.net/xforce/xfdb/100209
- http://xforce.iss.net/xforce/xfdb/100210
- http://xforce.iss.net/xforce/xfdb/100211
- https://www.htbridge.com/advisory/HTB23243
- https://www.mantisbt.org/bugs/view.php?id=17937
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-9571, CVE-2014-9572, CVE-2014-9573 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities