CVE-2014-6387

Publication date 22 October 2014

Last updated 24 July 2024


Ubuntu priority

gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.

Status

Package Ubuntu Release Status
mantis 17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life