MantisBT 'View Issues' Page Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with MantisBT and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow remote attacker to consume all available memory resources and cause a denial of service condition. Impact Level: Application

Solution

Upgrade to MantisBT version 1.2.15 or later. For updates refer to http://www.mantisbt.org/download.php

Insight

The flaw is due to an error in the filter_api.php script.

Affected

MantisBT version 1.2.12 through 1.2.14

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://www.mantisbt.org/bugs/view.php?id=15573
http://www.osvdb.com/91618
http://xforce.iss.net/xforce/xfdb/83347

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1883

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

AlienForm CGI script
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
@Mail WebMail Email Body HTML Injection Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability

MantisBT 'View Issues' Page Denial of Service Vulnerability

Take action and discover your vulnerabilities