CVE-2012-3540

Exploit

EPSS 1.91%
Veröffentlicht 05.09.2012 23:55:02
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/.  NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Horizon Version2012.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.91%	0.829

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/50480

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/08/30/4

http://www.openwall.com/lists/oss-security/2012/08/30/5

http://www.securityfocus.com/bid/55329

http://www.ubuntu.com/usn/USN-1565-1

https://bugs.launchpad.net/horizon/+bug/1039077

https://exchange.xforce.ibmcloud.com/vulnerabilities/78196

https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b

Patch

Exploit

https://lists.launchpad.net/openstack/msg16278.html