Lucene search

[email protected]NVD:CVE-2010-4349

HistoryJan 03, 2011 - 8:00 p.m.

CVE-2010-4349

2011-01-0320:00:43

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Affected configurations

NVD

Node

mantisbtmantisbtRange≤1.2.3

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

References

lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html

openwall.com/lists/oss-security/2010/12/15/4

openwall.com/lists/oss-security/2010/12/16/1

secunia.com/advisories/42772

secunia.com/advisories/51199

security.gentoo.org/glsa/glsa-201211-01.xml

www.mantisbt.org/blog/?p=123

www.mantisbt.org/bugs/changelog_page.php?version_id=112

www.mantisbt.org/bugs/view.php?id=12607

www.vupen.com/english/advisories/2011/0002

www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php

bugzilla.redhat.com/show_bug.cgi?id=663230

exchange.xforce.ibmcloud.com/vulnerabilities/64463

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for NVD:CVE-2010-4349

ubuntucve1 cvelist1 cve1 prion1 openvas9 nessus3 fedora2 gentoo1