Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-3540
Last Modified: 06 Nov 2012 12:14:05
Published: 05 Sep 2012 07:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3540

Summary

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

Vulnerable Systems

Application

  • OpenStack Horizon 2012.1


References

MLIST - [openstack] 20120830 Re: [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)

MLIST - [openstack] 20120830 [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542)

CONFIRM - https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b

CONFIRM - https://bugs.launchpad.net/horizon/+bug/1039077

XF - openstackdashboard-next-open-redirect(78196)

BID - 55329

MLIST - [oss-security] 20120830 Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)

MLIST - [oss-security] 20120830 [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542)

SECUNIA - 50480

UBUNTU - USN-1565-1


Last Updated: 27 May 2016 11:00:27