Lucene search
HistoryOct 22, 2014 - 2:55 p.m.
CVE-2014-6387
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.004
Percentile
72.8%
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
Affected configurations
Node
mantisbtmantisbtRange≤1.2.17
ORmantisbtmantisbtMatch1.2.0
ORmantisbtmantisbtMatch1.2.0alpha1
ORmantisbtmantisbtMatch1.2.0alpha2
ORmantisbtmantisbtMatch1.2.0alpha3
ORmantisbtmantisbtMatch1.2.0rc1
ORmantisbtmantisbtMatch1.2.0rc2
ORmantisbtmantisbtMatch1.2.1
ORmantisbtmantisbtMatch1.2.2
ORmantisbtmantisbtMatch1.2.3
ORmantisbtmantisbtMatch1.2.4
ORmantisbtmantisbtMatch1.2.5
ORmantisbtmantisbtMatch1.2.6
ORmantisbtmantisbtMatch1.2.7
ORmantisbtmantisbtMatch1.2.8
ORmantisbtmantisbtMatch1.2.9
ORmantisbtmantisbtMatch1.2.10
ORmantisbtmantisbtMatch1.2.11
ORmantisbtmantisbtMatch1.2.12
ORmantisbtmantisbtMatch1.2.13
ORmantisbtmantisbtMatch1.2.14
ORmantisbtmantisbtMatch1.2.15
ORmantisbtmantisbtMatch1.2.16
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mantisbt | mantisbt | * | cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.0 | cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.0 | cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.0 | cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.0 | cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.0 | cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.0 | cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.1 | cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.2 | cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:* |
| mantisbt | mantisbt | 1.2.3 | cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:* |
Related
nessus
nessus
Fedora 21 : mantis-1.2.17-3.fc21 (2014-12184)
2014-10-12 00:00:00
Fedora 20 : mantis-1.2.17-3.fc20 (2014-12146)
2014-10-12 00:00:00
Fedora 19 : mantis-1.2.17-3.fc19 (2014-12165)
2014-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-6387
2014-10-22 00:00:00
cve
cve
CVE-2014-6387
2014-10-22 14:55:06
fedora
fedora
[SECURITY] Fedora 21 Update: mantis-1.2.17-3.fc21
2014-10-12 05:06:38
[SECURITY] Fedora 20 Update: mantis-1.2.17-3.fc20
2014-10-12 05:01:05
[SECURITY] Fedora 19 Update: mantis-1.2.17-3.fc19
2014-10-12 05:06:22
prion
prion
Authentication flaw
2014-10-22 14:55:00
cvelist
cvelist
CVE-2014-6387
2014-10-22 14:00:00
openvas
openvas
Fedora Update for mantis FEDORA-2014-12146
2014-10-13 00:00:00
Fedora Update for mantis FEDORA-2014-12165
2014-10-13 00:00:00
Fedora Update for mantis FEDORA-2014-15108
2014-12-12 00:00:00
archlinux
archlinux
mantisbt: multiple issues
2014-12-08 00:00:00
osv
osv
mantis - security update
2015-01-06 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.004
Percentile
72.8%
Related for NVD:CVE-2014-6387