NVD

Id
23430  
Name
CVE-2015-1042  
Description
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-02-10  
Modified Date
2015-11-27  
Seq
2015-1042  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
124058 23430 CVE-2015-1042 http://packetstormsecurity.com/files/130142/Mantis-BugTracker-1.2.19-Open-Redirect.html  View
124059 23430 CVE-2015-1042 20150128 CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ("Open Redirect")  View
124060 23430 CVE-2015-1042 [oss-security] 20150110 Re: CVE-2014-6316: URL redirection issue in MantisBT  View
124061 23430 CVE-2015-1042 [oss-security] 20150111 Re: Re: CVE-2014-6316: URL redirection issue in MantisBT  View
124062 23430 CVE-2015-1042 1031633  View
124063 23430 CVE-2015-1042 https://www.mantisbt.org/bugs/view.php?id=17997  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6213 JVNDB-2015-001533 MantisBT の core/string_api.php の string_sanitize_url 関数におけるオープンリダイレクトの脆弱性 MantisBT の core/string_api.php の string_sanitize_url 関数は、不正な正規表現を使用するため、オープンリダイレクトの脆弱性が存在します。 CVE-2015-1042 78267 CVE-2015-1042 23430 5.8 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001533.html 2015-01-16 2015-02-19 View