CVE-2012-3540

Exploit

EPSS 1.92%
Veröffentlicht 05.09.2012 23:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/.  NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Horizon Version2012.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.92%	0.825

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/50480

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/08/30/4

http://www.openwall.com/lists/oss-security/2012/08/30/5

http://www.securityfocus.com/bid/55329

http://www.ubuntu.com/usn/USN-1565-1

https://bugs.launchpad.net/horizon/+bug/1039077

https://exchange.xforce.ibmcloud.com/vulnerabilities/78196

https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b

Patch

Exploit

https://lists.launchpad.net/openstack/msg16278.html

https://lists.launchpad.net/openstack/msg16281.html

https://nvd.nist.gov/vuln/detail/CVE-2012-3540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3540

EUVD