1. CVE-Search
  2. CVE-2002-1112
ID CVE-2002-1112
Summary Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
References
Vulnerable Configurations
  • cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 5514
bugtraq 20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
confirm http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
debian DSA-153
xf mantis-private-project-bug-listing(9899)
Last major update 10-10-2017 - 01:30
Published 04-10-2002 - 04:00
Last modified 10-10-2017 - 01:30
Back to Top