Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2011-5252
Last Modified 16 Jan 2013 12:00:00
Published 11 Jan 2013 11:33:48
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5252

Summary

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

Vulnerable Systems

Application

  • Codeplex Orchard 1.0

  • Codeplex Orchard 1.0.20

  • Codeplex Orchard 1.1

  • Codeplex Orchard 1.1.30

  • Codeplex Orchard 1.2

  • Codeplex Orchard 1.2.41

  • Codeplex Orchard 1.3

  • Codeplex Orchard 1.3.10

  • Codeplex Orchard 1.3.9

  • Orchardproject Orchard 1.0

  • Orchardproject Orchard 1.0.20

  • Orchardproject Orchard 1.1

  • Orchardproject Orchard 1.1.30

  • Orchardproject Orchard 1.2

  • Orchardproject Orchard 1.2.41

  • Orchardproject Orchard 1.3

  • Orchardproject Orchard 1.3.10

  • Orchardproject Orchard 1.3.9


References

XF - orchard-returnurl-url-redirection(72110)

BID - 51260

MISC - http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/

SECUNIA - 47398

CONFIRM - http://orchard.codeplex.com/discussions/283667

BUGTRAQ - 20120104 Open Redirection Vulnerability in Orchard 1.3.9


Last Updated: 27 May 2016 11:01:38