Vulnerabilities > CVE-2005-3090 - Unspecified vulnerability in Mantis

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mantis
nessus

Summary

Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-778.NASL
    descriptionTwo security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts that may not be accessible otherwise. - CAN-2005-2557 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. - CAN-2005-3090 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. The old stable distribution (woody) does not seem to be affected by these problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id19475
    published2005-08-23
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19475
    titleDebian DSA-778-1 : mantis - missing input sanitising
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-778. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19475);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2005-2556", "CVE-2005-2557", "CVE-2005-3090", "CVE-2005-3091");
      script_bugtraq_id(14604);
      script_xref(name:"DSA", value:"778");
    
      script_name(english:"Debian DSA-778-1 : mantis - missing input sanitising");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two security related problems have been discovered in Mantis, a
    web-based bug tracking system. The Common Vulnerabilities and
    Exposures project identifies the following problems :
    
      - CAN-2005-2556
        A remote attacker could supply a specially crafted URL
        to scan arbitrary ports on arbitrary hosts that may not
        be accessible otherwise.
    
      - CAN-2005-2557
    
        A remote attacker was able to insert arbitrary HTML code
        in bug reports, hence, cross site scripting.
    
      - CAN-2005-3090
    
        A remote attacker was able to insert arbitrary HTML code
        in bug reports, hence, cross site scripting.
    
    The old stable distribution (woody) does not seem to be affected by
    these problems."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-778"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mantis package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.19.2-4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/23");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-905.NASL
    descriptionSeveral security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3091 A cross-site scripting vulnerability allows attackers to inject arbitrary web script or HTML. - CVE-2005-3335 A file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. - CVE-2005-3336 A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands. - CVE-2005-3338 Mantis can be tricked into displaying the otherwise hidden real mail address of its users.
    last seen2020-06-01
    modified2020-06-02
    plugin id22771
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22771
    titleDebian DSA-905-1 : mantis - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-905. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22771);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2005-3090", "CVE-2005-3091", "CVE-2005-3335", "CVE-2005-3336", "CVE-2005-3338", "CVE-2005-3339");
      script_xref(name:"DSA", value:"905");
    
      script_name(english:"Debian DSA-905-1 : mantis - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several security related problems have been discovered in Mantis, a
    web-based bug tracking system. The Common Vulnerabilities and
    Exposures project identifies the following problems :
    
      - CVE-2005-3091
        A cross-site scripting vulnerability allows attackers to
        inject arbitrary web script or HTML.
    
      - CVE-2005-3335
        A file inclusion vulnerability allows remote attackers
        to execute arbitrary PHP code and include arbitrary
        local files.
    
      - CVE-2005-3336
        A SQL injection vulnerability allows remote attackers to
        execute arbitrary SQL commands.
    
      - CVE-2005-3338
        Mantis can be tricked into displaying the otherwise
        hidden real mail address of its users."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335938"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-905"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mantis package.
    
    The old stable distribution (woody) is not affected by these problems.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.19.2-4.1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-4.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCGI abuses
    NASL idMANTIS_MULTIPLE_VULNS4.NASL
    descriptionAccording to its banner, the version of Mantis on the remote host fails to sanitize user-supplied input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id19473
    published2005-08-22
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19473
    titleMantis < 1.0.0rc2 Multiple Vulnerabilities