Vulnerability Description
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mantis | Mantis | 0.15.3 |
References
- http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
- http://marc.info/?l=bugtraq&m=102978673018271&w=2
- http://www.debian.org/security/2002/dsa-153PatchVendor Advisory
- http://www.securityfocus.com/bid/5514PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9899
- http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
- http://marc.info/?l=bugtraq&m=102978673018271&w=2
- http://www.debian.org/security/2002/dsa-153PatchVendor Advisory
- http://www.securityfocus.com/bid/5514PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9899
FAQ
What is CVE-2002-1112?
CVE-2002-1112 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
How severe is CVE-2002-1112?
CVE-2002-1112 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1112?
Check the references section above for vendor advisories and patch information. Affected products include: Mantis Mantis.