CVE-2015-1042

EUVD-2015-1185
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
mantisbtmantisbt
1.2.0:alpha3
mantisbtmantisbt
1.2.0:rc1
mantisbtmantisbt
1.2.0:rc2
mantisbtmantisbt
1.2.1
mantisbtmantisbt
1.2.2
mantisbtmantisbt
1.2.3
mantisbtmantisbt
1.2.4
mantisbtmantisbt
1.2.5
mantisbtmantisbt
1.2.6
mantisbtmantisbt
1.2.7
mantisbtmantisbt
1.2.8
mantisbtmantisbt
1.2.9
mantisbtmantisbt
1.2.10
mantisbtmantisbt
1.2.11
mantisbtmantisbt
1.2.12
mantisbtmantisbt
1.2.13
mantisbtmantisbt
1.2.14
mantisbtmantisbt
1.2.15
mantisbtmantisbt
1.2.16
mantisbtmantisbt
1.2.17
mantisbtmantisbt
1.2.18
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
lucid
ignored
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
References
http://packetstormsecurity.com/files/130142/Mantis-BugTracker-1.2.19-Open-Redirect.html
http://seclists.org/fulldisclosure/2015/Jan/110
http://www.openwall.com/lists/oss-security/2015/01/10/5
http://www.openwall.com/lists/oss-security/2015/01/11/8
http://www.securitytracker.com/id/1031633
https://www.mantisbt.org/bugs/view.php?id=17997
http://packetstormsecurity.com/files/130142/Mantis-BugTracker-1.2.19-Open-Redirect.html
http://seclists.org/fulldisclosure/2015/Jan/110
http://www.openwall.com/lists/oss-security/2015/01/10/5
http://www.openwall.com/lists/oss-security/2015/01/11/8
http://www.securitytracker.com/id/1031633
https://www.mantisbt.org/bugs/view.php?id=17997