Debian DSA 944-1 Moderate: Mantis Addressed Remote Security Issues
debian
January 27, 2006
Several security related problems have been discovered in Mantis, a
web-based bug tracking system
Topics Covered
Summary
Missing input sanitising allows remote attackers to inject
arbitrary web script or HTML.
CVE-2005-4518
Tobias Klein discovered that Mantis allows remote attackers to
bypass the file upload size restriction.
CVE-2005-4519
Tobias Klein discovered several SQL injection vulnerabilities that
allow remote attackers to execute arbitrary SQL commands.
CVE-2005-4520
Tobias Klein discovered unspecified "port injection"
vulnerabilities in filters.
CVE-2005-4521
Tobias Klein discovered a CRLF injection vulnerability that allows
remote attackers to modify HTTP headers and conduct HTTP response
splitting attacks.
CVE-2005-4522
Tobias Klein discovered several cross-site scripting (XSS)
vulnerabilities that allow remote attackers to inject arbitrary
web script or HTML.
CVE-2005-4523
Tobias Klein discovered that Mantis discloses private bugs via
public RSS feeds, which allows remote attackers to obtain
sensitive inform...
PREVIOUS
NEXT
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!