View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0019275 | mantisbt | security | public | 2015-01-27 04:49 | 2015-03-15 19:58 |
| Reporter | dregad | Assigned To | dregad | ||
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.3.0-beta.1 | ||||
| Target Version | 1.3.0-beta.2 | Fixed in Version | 1.3.0-beta.2 | ||
| Summary | 0019275: CVE-2015-1042: URL redirection issue | ||||
| Description | This is a clone of 0017997 to track the vulnerability in 1.3.x branch | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master e7e2b550 2015-01-10 12:25 Details Diff |
Fix URL redirection issue in login_page.php The fix for issue 0017648 failed to correct all cases of redirection. Alejo Popovici discovered that the regex checking for URLs pointing to other domains considered an URL with a single '/' as local, allowing redirection e.g. to http:/google.com on certain browsers. Fixes 0017997 (CVE-2015-1042) |
Affected Issues 0017648, 0017997, 0019275 |
|
| mod - core/string_api.php | Diff File | ||
