This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200809-10
(Mantis: Multiple vulnerabilities)
Antonio Parata and Francesco Ongaro reported a Cross-Site Request
Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a
Cross-Site Scripting vulnerability in return_dynamic_filters.php
(CVE-2008-3331), and an insufficient input validation in
adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability
in core/lang_api.php (CVE-2008-3333) has also been reported.
A remote attacker could exploit these vulnerabilities to execute
arbitrary HTML and script code, create arbitrary users with
administrative privileges, execute arbitrary PHP commands, and include
There is no known workaround at this time.
See also :
All Mantis users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/mantisbt-1.1.2'
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 34250 (gentoo_GLSA-200809-10.nasl)
CVE ID: CVE-2008-2276CVE-2008-3331CVE-2008-3332CVE-2008-3333
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.