ID CVE-2012-5522 Type cve Reporter cve@mitre.org Modified 2021-01-12T18:05:00
Description
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.
{"nessus": [{"lastseen": "2021-01-20T12:06:37", "description": "According to its version number, the MantisBT install hosted on the\nremote web server is affected by multiple vulnerabilities :\n\n - The application is affected by an information\n disclosure vulnerability due to a flaw in using default\n values to determine if a user has sufficient privileges\n to modify the status of a bug. This could allow an\n unauthenticated, remote attacker to modify the status\n of a bug. (CVE-2012-5522)\n\n - The application is affected by an information\n disclosure vulnerability because permissions are\n maintained when cloning and transferring an issue to\n another project. This could allow a remote attacker\n to view the notes of a cloned issue provided they had\n sufficient privileges to view the notes of the original\n issue. (CVE-2012-5523)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 27, "published": "2013-02-11T00:00:00", "title": "MantisBT < 1.2.12 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5523", "CVE-2012-5522"], "modified": "2013-02-11T00:00:00", "cpe": ["cpe:/a:mantisbt:mantisbt"], "id": "MANTIS_1_2_12.NASL", "href": "https://www.tenable.com/plugins/nessus/64561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(64561);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5522\", \"CVE-2012-5523\");\n script_bugtraq_id(56520);\n\n script_name(english:\"MantisBT < 1.2.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mantis\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server contains a PHP application that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its version number, the MantisBT install hosted on the\nremote web server is affected by multiple vulnerabilities :\n\n - The application is affected by an information\n disclosure vulnerability due to a flaw in using default\n values to determine if a user has sufficient privileges\n to modify the status of a bug. This could allow an\n unauthenticated, remote attacker to modify the status\n of a bug. (CVE-2012-5522)\n\n - The application is affected by an information\n disclosure vulnerability because permissions are\n maintained when cloning and transferring an issue to\n another project. This could allow a remote attacker\n to view the notes of a cloned issue provided they had\n sufficient privileges to view the notes of the original\n issue. (CVE-2012-5523)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://mantisbt.org/bugs/changelog_page.php?version_id=150\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 1.2.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mantisbt:mantisbt\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mantis_detect.nasl\");\n script_require_keys(\"installed_sw/MantisBT\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\napp_name = \"MantisBT\";\n\ninstall = get_single_install(app_name: app_name, port: port, exit_if_unknown_ver:TRUE);\ninstall_url = build_url(port:port, qs:install['path']);\nversion = install['version'];\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions less than 1.2.12 are vulnerable\nif (\n ver[0] < 1 ||\n (ver[0] == 1 && ver[1] < 2) ||\n (ver[0] == 1 && ver[1] == 2 && ver[2] < 12)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +version+\n '\\n Fixed version : 1.2.12\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, install_url, version);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:13", "description": "New upstream release, fixes several security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-11-26T00:00:00", "title": "Fedora 16 : mantis-1.2.12-1.fc16 (2012-18299)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "modified": "2012-11-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:mantis"], "id": "FEDORA_2012-18299.NASL", "href": "https://www.tenable.com/plugins/nessus/63039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18299.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63039);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_bugtraq_id(52313, 53907, 53921, 56520);\n script_xref(name:\"FEDORA\", value:\"2012-18299\");\n\n script_name(english:\"Fedora 16 : mantis-1.2.12-1.fc16 (2012-18299)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release, fixes several security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=800665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=876371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?638916e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mantis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"mantis-1.2.12-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mantis\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:13", "description": "New upstream release, fixes several security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-11-26T00:00:00", "title": "Fedora 17 : mantis-1.2.12-1.fc17 (2012-18294)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "modified": "2012-11-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:mantis"], "id": "FEDORA_2012-18294.NASL", "href": "https://www.tenable.com/plugins/nessus/63038", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18294.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63038);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_bugtraq_id(52313, 53907, 53921, 56520);\n script_xref(name:\"FEDORA\", value:\"2012-18294\");\n\n script_name(english:\"Fedora 17 : mantis-1.2.12-1.fc17 (2012-18294)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release, fixes several security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=800665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=876371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6caed09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mantis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"mantis-1.2.12-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mantis\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:13", "description": "New upstream release, fixes several security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-11-26T00:00:00", "title": "Fedora 18 : mantis-1.2.12-1.fc18 (2012-18273)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "modified": "2012-11-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mantis"], "id": "FEDORA_2012-18273.NASL", "href": "https://www.tenable.com/plugins/nessus/63036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18273.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63036);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_bugtraq_id(52313, 53921, 56520);\n script_xref(name:\"FEDORA\", value:\"2012-18273\");\n\n script_name(english:\"Fedora 18 : mantis-1.2.12-1.fc18 (2012-18273)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release, fixes several security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=800665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=830737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=876371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6da8c94\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mantis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mantis-1.2.12-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mantis\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1118", "CVE-2012-1119", "CVE-2012-1120", "CVE-2012-1122", "CVE-2012-1123", "CVE-2012-2691", "CVE-2012-2692", "CVE-2012-5522", "CVE-2012-5523"], "description": "Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.12 When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis-1.2.12/README.Fedora ", "modified": "2012-11-23T07:56:23", "published": "2012-11-23T07:56:23", "id": "FEDORA:0A423228B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mantis-1.2.12-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1118", "CVE-2012-1119", "CVE-2012-1120", "CVE-2012-1121", "CVE-2012-1122", "CVE-2012-1123", "CVE-2012-2691", "CVE-2012-2692", "CVE-2012-5522", "CVE-2012-5523"], "description": "Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.12 When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis-1.2.12/README.Fedora ", "modified": "2012-11-24T03:25:38", "published": "2012-11-24T03:25:38", "id": "FEDORA:44779216E9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mantis-1.2.12-1.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1118", "CVE-2012-1119", "CVE-2012-1120", "CVE-2012-1121", "CVE-2012-1122", "CVE-2012-1123", "CVE-2012-2691", "CVE-2012-2692", "CVE-2012-5522", "CVE-2012-5523"], "description": "Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.12 When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis-1.2.12/README.Fedora ", "modified": "2012-11-24T03:24:38", "published": "2012-11-24T03:24:38", "id": "FEDORA:F3F8F216DD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: mantis-1.2.12-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1118", "CVE-2012-1119", "CVE-2012-1120", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-2691", "CVE-2012-2692", "CVE-2012-5522", "CVE-2012-5523", "CVE-2013-0197", "CVE-2013-1883"], "description": "Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.14 When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis-1.2.14/README.Fedora ", "modified": "2013-04-01T03:32:44", "published": "2013-04-01T03:32:44", "id": "FEDORA:CA79120FC0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mantis-1.2.14-1.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1118", "CVE-2012-1119", "CVE-2012-1120", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-2691", "CVE-2012-2692", "CVE-2012-5522", "CVE-2012-5523", "CVE-2013-1883", "CVE-2013-1930", "CVE-2013-1931"], "description": "Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.15 When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis-1.2.15/README.Fedora ", "modified": "2013-04-25T00:32:27", "published": "2013-04-25T00:32:27", "id": "FEDORA:9CBC920F4D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mantis-1.2.15-1.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-11T11:06:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "Check for the Version of mantis", "modified": "2018-01-09T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:864891", "href": "http://plugins.openvas.org/nasl.php?oid=864891", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2012-18294", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2012-18294\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mantis is a free popular web-based issue tracking system.\n It is written in the PHP scripting language and works with MySQL, MS SQL,\n and PostgreSQL databases and a web server.\n Almost any web browser should be able to function as a client.\n\n Documentation can be found in: /usr/share/doc/mantis-1.2.12\n\n When the package has finished installing, you will need to perform some\n additional configuration steps; these are described in:\n /usr/share/doc/mantis-1.2.12/README.Fedora\";\n\ntag_affected = \"mantis on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html\");\n script_id(864891);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 09:00:21 +0530 (Mon, 26 Nov 2012)\");\n script_cve_id(\"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-1118\", \"CVE-2012-1119\",\n \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\",\n \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-18294\");\n script_name(\"Fedora Update for mantis FEDORA-2012-18294\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mantis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "Check for the Version of mantis", "modified": "2018-01-01T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:864887", "href": "http://plugins.openvas.org/nasl.php?oid=864887", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2012-18299", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2012-18299\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mantis is a free popular web-based issue tracking system.\n It is written in the PHP scripting language and works with MySQL, MS SQL,\n and PostgreSQL databases and a web server.\n Almost any web browser should be able to function as a client.\n\n Documentation can be found in: /usr/share/doc/mantis-1.2.12\n\n When the package has finished installing, you will need to perform some\n additional configuration steps; these are described in:\n /usr/share/doc/mantis-1.2.12/README.Fedora\";\n\ntag_affected = \"mantis on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html\");\n script_id(864887);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 08:59:41 +0530 (Mon, 26 Nov 2012)\");\n script_cve_id(\"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-1118\", \"CVE-2012-1119\",\n \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\",\n \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-18299\");\n script_name(\"Fedora Update for mantis FEDORA-2012-18299\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mantis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:1361412562310864891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864891", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2012-18294", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2012-18294\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864891\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 09:00:21 +0530 (Mon, 26 Nov 2012)\");\n script_cve_id(\"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-1118\", \"CVE-2012-1119\",\n \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\",\n \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-18294\");\n script_name(\"Fedora Update for mantis FEDORA-2012-18294\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mantis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mantis on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:1361412562310864887", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864887", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2012-18299", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2012-18299\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864887\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 08:59:41 +0530 (Mon, 26 Nov 2012)\");\n script_cve_id(\"CVE-2012-2691\", \"CVE-2012-2692\", \"CVE-2012-1118\", \"CVE-2012-1119\",\n \"CVE-2012-1120\", \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\",\n \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-18299\");\n script_name(\"Fedora Update for mantis FEDORA-2012-18299\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mantis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"mantis on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:10:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0197", "CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2013-1883", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "Check for the Version of mantis", "modified": "2018-01-26T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:865507", "href": "http://plugins.openvas.org/nasl.php?oid=865507", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2013-4335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2013-4335\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mantis is a free popular web-based issue tracking system.\n It is written in the PHP scripting language and works with MySQL, MS SQL,\n and PostgreSQL databases and a web server.\n Almost any web browser should be able to function as a client.\n\n Documentation can be found in: /usr/share/doc/mantis-1.2.14\n\n When the package has finished installing, you will need to perform some\n additional configuration steps; these are described in:\n /usr/share/doc/mantis-1.2.14/README.Fedora\";\n\n\ntag_affected = \"mantis on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101206.html\");\n script_id(865507);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:21:48 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-0197\", \"CVE-2013-1883\", \"CVE-2012-2691\", \"CVE-2012-2692\",\n \"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\", \"CVE-2012-1121\",\n \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-4335\");\n script_name(\"Fedora Update for mantis FEDORA-2013-4335\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mantis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0197", "CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2013-1883", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:1361412562310865507", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865507", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2013-4335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2013-4335\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101206.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865507\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:21:48 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-0197\", \"CVE-2013-1883\", \"CVE-2012-2691\", \"CVE-2012-2692\",\n \"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\", \"CVE-2012-1121\",\n \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-5522\", \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-4335\");\n script_name(\"Fedora Update for mantis FEDORA-2013-4335\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mantis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mantis on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-19T15:09:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1930", "CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2013-1931", "CVE-2013-1883", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "Check for the Version of mantis", "modified": "2018-01-19T00:00:00", "published": "2013-04-25T00:00:00", "id": "OPENVAS:865582", "href": "http://plugins.openvas.org/nasl.php?oid=865582", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2013-5833", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2013-5833\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mantis is a free popular web-based issue tracking system.\n It is written in the PHP scripting language and works with MySQL, MS SQL,\n and PostgreSQL databases and a web server.\n Almost any web browser should be able to function as a client.\n\n Documentation can be found in: /usr/share/doc/mantis-1.2.15\n \n When the package has finished installing, you will need to perform some\n additional configuration steps; these are described in:\n /usr/share/doc/mantis-1.2.15/README.Fedora\";\n\n\ntag_affected = \"mantis on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865582);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:16:59 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-1930\", \"CVE-2013-1931\", \"CVE-2013-1883\", \"CVE-2012-2691\",\n \"CVE-2012-2692\", \"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\",\n \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-5522\",\n \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mantis FEDORA-2013-5833\");\n\n script_xref(name: \"FEDORA\", value: \"2013-5833\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mantis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.15~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1930", "CVE-2012-1118", "CVE-2012-1121", "CVE-2012-1123", "CVE-2012-5523", "CVE-2012-2691", "CVE-2012-1120", "CVE-2013-1931", "CVE-2013-1883", "CVE-2012-1119", "CVE-2012-5522", "CVE-2012-1122", "CVE-2012-2692"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-25T00:00:00", "id": "OPENVAS:1361412562310865582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865582", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2013-5833", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2013-5833\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865582\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:16:59 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-1930\", \"CVE-2013-1931\", \"CVE-2013-1883\", \"CVE-2012-2691\",\n \"CVE-2012-2692\", \"CVE-2012-1118\", \"CVE-2012-1119\", \"CVE-2012-1120\",\n \"CVE-2012-1121\", \"CVE-2012-1122\", \"CVE-2012-1123\", \"CVE-2012-5522\",\n \"CVE-2012-5523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mantis FEDORA-2013-5833\");\n script_xref(name:\"FEDORA\", value:\"2013-5833\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mantis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mantis on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.15~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
