PT-2005-5203 · Mantis · Mantis
Tobias Klein
·
Publicado
2005-12-28
·
Atualizado
2011-03-08
·
CVE-2005-4521
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mantis versions 1.0.0rc3 and earlier
Description
The issue allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks. This can be achieved via the
return parameter in "login cookie test.php" and the ref parameter in "login select proj page.php".Recommendations
For Mantis versions 1.0.0rc3 and earlier, consider disabling the
return parameter in login cookie test.php and the ref parameter in login select proj page.php as a temporary workaround until a patch is available. Restrict access to these parameters to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mantis