Vulnerability Details CVE-2002-1112
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
- http://marc.info/?l=bugtraq&m=102978673018271&w=2
- http://www.debian.org/security/2002/dsa-153
- http://www.securityfocus.com/bid/5514
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9899
- http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
- http://marc.info/?l=bugtraq&m=102978673018271&w=2
- http://www.debian.org/security/2002/dsa-153
- http://www.securityfocus.com/bid/5514
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9899
Products affected by CVE-2002-1112
-
cpe:2.3:a:mantis:mantis:0.15.10
-
cpe:2.3:a:mantis:mantis:0.15.11
-
cpe:2.3:a:mantis:mantis:0.15.12
-
cpe:2.3:a:mantis:mantis:0.15.3
-
cpe:2.3:a:mantis:mantis:0.15.4
-
cpe:2.3:a:mantis:mantis:0.15.5
-
cpe:2.3:a:mantis:mantis:0.15.6
-
cpe:2.3:a:mantis:mantis:0.15.7
-
cpe:2.3:a:mantis:mantis:0.15.8
-
cpe:2.3:a:mantis:mantis:0.15.9
-
cpe:2.3:a:mantis:mantis:0.16.0
-
cpe:2.3:a:mantis:mantis:0.16.1
-
cpe:2.3:a:mantis:mantis:0.17.0
-
cpe:2.3:a:mantis:mantis:0.17.1
-
cpe:2.3:a:mantis:mantis:0.17.2
-
cpe:2.3:a:mantis:mantis:0.17.3