Mantis未认证项目漏洞列表浏览漏洞

漏洞信息详情

Mantis未认证项目漏洞列表浏览漏洞

• CNNVD编号：CNNVD-200210-061
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1116
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-10-04
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  mantis
• 漏洞来源：
  Credited to Diehl …

Mantis 0.17.4a及其更早版本的“View Bugs”页面（view_all_bug_page.php）包含的用户个人漏洞总结不能被任何项目访问。

The vendor has included a source code fix:
— mantis-0.17.4a/view_all_bug_page.php Mon Aug 19 07:18:54 2002
+++ mantis-0.17.5/view_all_bug_page.php Fri Aug 23 11:57:50 2002
@@ -90,7 +90,7 @@
$result2 = db_query( $query2 );
$project_count = db_num_rows( $result2 );
if ( 0 == $project_count ) {
– $t_where_clause = ” WHERE 1=1″;
+ $t_where_clause = ” WHERE 0=1″;
} else {
$t_where_clause = ” WHERE (“;
for ($i=0;$i<$project_count;$i++) {
An updated version is available:
Mantis Mantis 0.17 .0

• Mantis Mantis 0.17.5
  
  http://sourceforge.net/project/showfiles.php?group_id=14963

Mantis Mantis 0.17.1

• Debian mantis_0.17.1-2.5_all.deb
  
  http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.
  5_all.deb
• Mantis Mantis 0.17.5
  
  http://sourceforge.net/project/showfiles.php?group_id=14963

Mantis Mantis 0.17.2

• Mantis Mantis 0.17.5
  
  http://sourceforge.net/project/showfiles.php?group_id=14963

Mantis Mantis 0.17.3

• Mantis Mantis 0.17.5
  
  http://sourceforge.net/project/showfiles.php?group_id=14963

Mantis Mantis 0.17.4 a

• Mantis Mantis 0.17.5
  
  http://sourceforge.net/project/showfiles.php?group_id=14963

Mantis Mantis 0.17.4

• Mantis Mantis 0.17.5
  
  http://sourceforge.net/project/showfiles.php?group_id=14963

来源: DEBIAN
名称: DSA-161
链接:http://www.debian.org/security/2002/dsa-161

来源: XF
名称: mantis-viewbugs-bug-listing(9955)
链接:http://xforce.iss.net/xforce/xfdb/9955

来源: BID
名称: 5565
链接:http://www.securityfocus.com/bid/5565

来源: BUGTRAQ
名称: 20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on ‘View Bugs’
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2