Vulnerabilities > CVE-2005-2557 - Input Validation vulnerability in Mantis

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
mantis
debian
gentoo
nessus
exploit available

Summary

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

Exploit-Db

descriptionMantis 0.x/1.0 Multiple Input Validation Vulnerabilities. CVE-2005-2557. Webapps exploit for php platform
idEDB-ID:26172
last seen2016-02-03
modified2005-08-19
published2005-08-19
reporteranonymous
sourcehttps://www.exploit-db.com/download/26172/
titleMantis 0.x/1.0 - Multiple Input Validation Vulnerabilities

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-778.NASL
    descriptionTwo security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts that may not be accessible otherwise. - CAN-2005-2557 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. - CAN-2005-3090 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. The old stable distribution (woody) does not seem to be affected by these problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id19475
    published2005-08-23
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19475
    titleDebian DSA-778-1 : mantis - missing input sanitising
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-778. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19475);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2005-2556", "CVE-2005-2557", "CVE-2005-3090", "CVE-2005-3091");
      script_bugtraq_id(14604);
      script_xref(name:"DSA", value:"778");
    
      script_name(english:"Debian DSA-778-1 : mantis - missing input sanitising");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two security related problems have been discovered in Mantis, a
    web-based bug tracking system. The Common Vulnerabilities and
    Exposures project identifies the following problems :
    
      - CAN-2005-2556
        A remote attacker could supply a specially crafted URL
        to scan arbitrary ports on arbitrary hosts that may not
        be accessible otherwise.
    
      - CAN-2005-2557
    
        A remote attacker was able to insert arbitrary HTML code
        in bug reports, hence, cross site scripting.
    
      - CAN-2005-3090
    
        A remote attacker was able to insert arbitrary HTML code
        in bug reports, hence, cross site scripting.
    
    The old stable distribution (woody) does not seem to be affected by
    these problems."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-778"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mantis package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.19.2-4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/23");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCGI abuses
    NASL idMANTIS_MULTIPLE_VULNS4.NASL
    descriptionAccording to its banner, the version of Mantis on the remote host fails to sanitize user-supplied input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id19473
    published2005-08-22
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19473
    titleMantis < 1.0.0rc2 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200509-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200509-16 (Mantis: XSS and SQL injection vulnerabilities) Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact : An attacker could possibly use the SQL injection vulnerability to access or modify information from the Mantis database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19815
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19815
    titleGLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities