Fedora Security Update Fixes Mantis Attached Files Cross Site Scripting


Description   A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an error in the "view.php" script within Mantis when handling specially crafted filenames, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
     
Vulnerable Products   Vulnerable Software:
Fedora 7
Fedora 8
     
Solution   Upgrade the affected packages:
ce45d334069c3bb251ce07951d52061f74db6495 mantis-config-httpd-1.1.0-1.fc7.noarch.rpm
d0a7684c55a7893859479e677b0327f6c28f993c mantis-1.1.0-1.fc7.noarch.rpm
d6494ebcafee111b06ff3577620f769d46bfaedb mantis-1.1.0-1.fc7.src.rpm
2f1ef51b26211083f722a10f0a16c588b7d007fe mantis-config-httpd-1.1.0-1.fc8.noarch.rpm
3055bf43d1633d367771c4239dfd57b33a997933 mantis-1.1.0-1.fc8.noarch.rpm
b3292df0950a4ebab4443cb49764bab2d7737f5c mantis-1.1.0-1.fc8.src.rpm
     
CVE   CVE-2007-6611
     
References   http://www.mantisbt.org/bugs/view.php?id=8679
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm   Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious tag with event found in data   3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL   3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data   3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   3.2.0
XSS - Prevention - POST : 'location' javascript object found in data   3.2.0
XSS - Phishing : suspicious 'div' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL   3.2.0
XSS - Prevention - POST : javascript code found in data   3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   3.2.0
XSS - Prevention - POST : code allowing cookie access found in data   3.2.0
XSS - Phishing : suspicious 'a' tag found in URL   3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL   3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL   3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL   3.2.0
XSS - Phishing : suspicious 'form' tag found in URL   3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data   3.2.0
XSS - Prevention - GET : javascript code found in URL   3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data   3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL   3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL   3.2.0
XSS - Phishing : suspicious 'link' tag found in URL   3.2.0
XSS - Prevention - GET : 'script' tag found in URL   3.2.0
XSS - Prevention - POST : 'script' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL   3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL   3.2.0

Risk level   Low

Vulnerability First Public Report Date   2008-01-07

Target Type   Client

Possible exploit   Local & Remote