Test ID:	1.3.6.1.4.1.25623.1.0.68757
Category:	Fedora Local Security Checks
Title:	Fedora Core 13 FEDORA-2010-19070 (mantis)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mantis announced via advisory FEDORA-2010-19070. Update Information: This update fixes multiple security issues recently found in Mantis. For more details about the issues in upstream bugs: http://www.mantisbt.org/bugs/view.php?id=12607 http://www.mantisbt.org/bugs/view.php?id=12309 References: [ 1 ] Bug #640746 - CVE-2010-3763 MantisBT: XSS in Summary page https://bugzilla.redhat.com/show_bug.cgi?id=640746 [ 2 ] Bug #663230 - CVE-2010-4348 CVE-2010-4349 CVE-2010-4350 MantisBT Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update mantis' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-19070 Risk factor : High CVSS Score: 5.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3763 BugTraq ID: 43837 http://www.securityfocus.com/bid/43837 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html http://security.gentoo.org/glsa/glsa-201211-01.xml http://www.openwall.com/lists/oss-security/2010/09/14/12 http://www.openwall.com/lists/oss-security/2010/09/14/13 http://secunia.com/advisories/42772 http://secunia.com/advisories/51199 http://www.vupen.com/english/advisories/2011/0002 Common Vulnerability Exposure (CVE) ID: CVE-2010-4348 42772 51199 ADV-2011-0002 FEDORA-2010-19070 FEDORA-2010-19078 GLSA-201211-01 [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability http://openwall.com/lists/oss-security/2010/12/15/4 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability http://openwall.com/lists/oss-security/2010/12/16/1 http://www.mantisbt.org/blog/?p=123 http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 http://www.mantisbt.org/bugs/view.php?id=12607 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php https://bugzilla.redhat.com/show_bug.cgi?id=663230 Common Vulnerability Exposure (CVE) ID: CVE-2010-4349 mantisbt-dbtype-path-disclosure(64463) https://exchange.xforce.ibmcloud.com/vulnerabilities/64463 Common Vulnerability Exposure (CVE) ID: CVE-2010-4350 [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability http://openwall.com/lists/oss-security/2010/12/15/5 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability http://openwall.com/lists/oss-security/2010/12/16/2 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php Common Vulnerability Exposure (CVE) ID: CVE-2010-3070 41653 http://secunia.com/advisories/41653 42959 http://www.securityfocus.com/bid/42959 ADV-2010-2535 http://www.vupen.com/english/advisories/2010/2535 FEDORA-2010-14098 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048317.html FEDORA-2010-14100 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.html FEDORA-2010-15061 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html FEDORA-2010-15080 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html FEDORA-2010-15082 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html [mantisbt-announce] 20100914 MantisBT 1.2.3 Released http://sourceforge.net/mailarchive/message.php?msg_name=4C8FC573.3060900%40leetcode.net [oss-security] 20100903 CVE request: XSS in nusoap http://www.openwall.com/lists/oss-security/2010/09/03/2 [oss-security] 20100907 Re: CVE request: XSS in nusoap http://www.openwall.com/lists/oss-security/2010/09/07/4 [oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS) [oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248 http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blob%3Bf=debian/patches/595248.patch%3Bh=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=268f03b88c6900d1a87b17734c248c705c22cb07 http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blobdiff%3Bf=debian/patches/595248.patch%3Bh=11202fa70433b62aeab7dfc68af668329bc0fe7e%3Bhp=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a%3Bhpb=268f03b88c6900d1a87b17734c248c705c22cb07 http://git.mantisbt.org/?p=mantisbt.git%3Ba=commit%3Bh=edb817991b99cd5538f102be26865fde7c6b7212 http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005 http://www.mantisbt.org/bugs/changelog_page.php?version_id=111 http://www.mantisbt.org/bugs/view.php?id=12312 https://bugzilla.redhat.com/show_bug.cgi?id=629585 https://bugzilla.redhat.com/show_bug.cgi?id=633011 Common Vulnerability Exposure (CVE) ID: CVE-2010-2574 Bugtraq: 20100805 Secunia Research: MantisBT "Add Category" Script Insertion Vulnerability (Google Search) http://www.securityfocus.com/archive/1/512886/100/0/threaded http://secunia.com/secunia_research/2010-103/ http://secunia.com/advisories/40832 Common Vulnerability Exposure (CVE) ID: CVE-2010-3303 43604 http://www.securityfocus.com/bid/43604 http://www.openwall.com/lists/oss-security/2010/09/14/19 [oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS) http://www.openwall.com/lists/oss-security/2010/09/16/16 http://www.mantisbt.org/bugs/view.php?id=12231 http://www.mantisbt.org/bugs/view.php?id=12232 http://www.mantisbt.org/bugs/view.php?id=12234 http://www.mantisbt.org/bugs/view.php?id=12238
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.