Lucene search
HistoryDec 08, 2014 - 4:59 p.m.
CVE-2014-9279
cve-2014-9279
mantisbt
database credentials
remote attackers
security vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.4%
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.
Affected configurations
Node
mantisbtmantisbtMatch1.0.0a3
ORmantisbtmantisbtMatch1.0.0rc1
ORmantisbtmantisbtMatch1.0.0rc2
ORmantisbtmantisbtMatch1.0.0rc3
ORmantisbtmantisbtMatch1.0.0rc4
ORmantisbtmantisbtMatch1.0.0rc5
ORmantisbtmantisbtMatch1.0.1
ORmantisbtmantisbtMatch1.0.2
ORmantisbtmantisbtMatch1.0.3
ORmantisbtmantisbtMatch1.0.4
ORmantisbtmantisbtMatch1.0.5
ORmantisbtmantisbtMatch1.0.6
ORmantisbtmantisbtMatch1.0.7
ORmantisbtmantisbtMatch1.0.8
ORmantisbtmantisbtMatch1.0.9
ORmantisbtmantisbtMatch1.1.0
ORmantisbtmantisbtMatch1.1.0a1
ORmantisbtmantisbtMatch1.1.0a2
ORmantisbtmantisbtMatch1.1.0a3
ORmantisbtmantisbtMatch1.1.0a4
ORmantisbtmantisbtMatch1.1.0rc1
ORmantisbtmantisbtMatch1.1.0rc2
ORmantisbtmantisbtMatch1.1.0rc3
ORmantisbtmantisbtMatch1.1.1
ORmantisbtmantisbtMatch1.1.2
ORmantisbtmantisbtMatch1.1.3
ORmantisbtmantisbtMatch1.1.4
ORmantisbtmantisbtMatch1.1.5
ORmantisbtmantisbtMatch1.1.6
ORmantisbtmantisbtMatch1.1.7
ORmantisbtmantisbtMatch1.1.8
ORmantisbtmantisbtMatch1.1.9
ORmantisbtmantisbtMatch1.2.0
ORmantisbtmantisbtMatch1.2.0alpha1
ORmantisbtmantisbtMatch1.2.0alpha2
ORmantisbtmantisbtMatch1.2.0alpha3
ORmantisbtmantisbtMatch1.2.0rc1
ORmantisbtmantisbtMatch1.2.0rc2
ORmantisbtmantisbtMatch1.2.1
ORmantisbtmantisbtMatch1.2.10
ORmantisbtmantisbtMatch1.2.11
ORmantisbtmantisbtMatch1.2.12
ORmantisbtmantisbtMatch1.2.13
ORmantisbtmantisbtMatch1.2.14
ORmantisbtmantisbtMatch1.2.15
ORmantisbtmantisbtMatch1.2.16
ORmantisbtmantisbtMatch1.2.17
Related
prion
prion
Default credentials
2014-12-08 16:59:00
ubuntucve
ubuntucve
CVE-2014-9279
2014-12-08 00:00:00
cvelist
cvelist
CVE-2014-9279
2014-12-08 16:00:00
nvd
nvd
CVE-2014-9279
2014-12-08 16:59:12
openvas
openvas
MantisBT 1.1.0a3 - 1.2.17 Multiple Vulnerabilities - Windows
2015-12-03 00:00:00
MantisBT 1.1.0a3 - 1.2.17 Multiple Vulnerabilities - Linux
2015-12-03 00:00:00
Fedora Update for mantis FEDORA-2014-16609
2015-01-05 00:00:00
nessus
nessus
MantisBT 1.1.x < 1.2.18 Multiple Vulnerabilities
2015-02-18 00:00:00
Fedora 20 : mantis-1.2.18-1.fc20 (2014-16546)
2014-12-22 00:00:00
Fedora 19 : mantis-1.2.18-1.fc19 (2014-16504)
2014-12-22 00:00:00
archlinux
archlinux
mantisbt: multiple issues
2014-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mantis-1.2.18-1.fc21
2014-12-20 08:51:48
[SECURITY] Fedora 20 Update: mantis-1.2.18-1.fc20
2014-12-20 08:48:12
[SECURITY] Fedora 19 Update: mantis-1.2.18-1.fc19
2014-12-20 08:34:55
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.4%
Related for CVE-2014-9279