First published: Thu Mar 21 2013
A denial of service flaw was found in the way MantisBT, a popular free web-based issue tracking system, processed certain types of View Issues page search queries. A remote attacker could provide a specially crafted query (a filter combining some criteria and a text search with 'any condition') that, when processed by MantisBT, would lead to excessive consumption of system resources (denial of service), possibly making the MantisBT server instance completely unavailable.

References:
[1] http://www.openwall.com/lists/oss-security/2013/03/21/3
Upstream bug report: [2] http://www.mantisbt.org/bugs/view.php?id=15573
Relevant upstream patch: [3] https://github.com/mantisbt/mantisbt/commit/d16988c3ca232a7

Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mantisbt Mantisbt | =1.2.12 | |
Mantisbt Mantisbt | =1.2.13 | |
Mantisbt Mantisbt | =1.2.14 | |