'[oss-security] Re: CVE Request: CAPTCHA bypass in MantisBT'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE Request: CAPTCHA bypass in MantisBT
From:       cve-assign () mitre ! org
Date:       2014-11-27 4:12:25
Message-ID: 20141127041225.35689ABC008 () smtpvmsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
> https://www.mantisbt.org/bugs/view.php?id=17811

> Use session rather than form key for captcha

Use CVE-2014-9117.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUdqMOAAoJEKllVAevmvmszB4IAJoBUTi5IJUsPH65tiLEjH4k
6YR4uZ7FJNy6lhDa5r0IwD6CfWcksgyvj3oPdI1SBp8308H8WpT+QaXzaSQxVlEy
QOOf8AztSjIR+PHNJZmzEFxp5J3WVsKq53UbIa0u83WwhencGohGNwABujR28A/X
2ARnctHzt8+YEUyhLTcAsYqAzgusvozVuN4sGiIdBwXRMzO6y+bbtqhe+nplBSbs
LY0r8pfz1Zvlz2sRaq73ySBSGhWKtF2FRoirvbuEPkwg+VlUaFT//nnWm06IfOF9
3u5F2jpRsb95OX9U6+OlPYxqZyTsI7P4840ZAarDBMgwHc1BVGTfbfprjxDKSco=
=Tmxs
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic