CVE - CVE-2005-4521

CVE-ID
CVE-2005-4521	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:16046 URL:http://www.securityfocus.com/bid/16046/ CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 DEBIAN:DSA-944 URL:http://www.debian.org/security/2005/dsa-944 GENTOO:GLSA-200512-12 URL:http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml MISC:http://www.trapkit.de/advisories/TKADV2005-11-002.txt SECUNIA:18181 URL:http://secunia.com/advisories/18181/ SECUNIA:18221 URL:http://secunia.com/advisories/18221 SECUNIA:18481 URL:http://secunia.com/advisories/18481 VUPEN:ADV-2005-3064 URL:~~http://www.vupen.com/english/advisories/2005/3064~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20051228	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051228)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)