Vulnerability Details : CVE-2013-1883
Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-1883
- cpe:2.3:a:mantisbt:mantisbt:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1883
- EPSS score: 1.27% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-1883
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1883
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1883
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83347
  MantisBT filter_api.php denial of service CVE-2013-1883 Vulnerability Report
- https://github.com/mantisbt/mantisbt/commit/d16988c3ca232a7
  Fix filter api issue with 'any condition' and text search · mantisbt/mantisbt@d16988c · GitHub (Exploit; Patch)
- http://www.mantisbt.org/bugs/view.php?id=15573
  0015573: CVE-2013-1883: One query can be issued via current Mantis interface to take down site - MantisBT (Exploit)
- http://www.openwall.com/lists/oss-security/2013/03/22/2
  oss-security - Re: CVE request: MantisBT text search query can crash site
- http://www.securityfocus.com/bid/58626
  MantisBT 'filter_api.php' Denial of Service Vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=924340
  924340 – (CVE-2013-1883) CVE-2013-1883 mantis: Site / db server DoS via certain View Issues page search query