Executive Summary

Informations
NameCVE-2014-1985First vendor Publication2014-04-11
VendorCveLast vendor Modification2017-12-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score5.8Attack RangeNetwork
Cvss Impact Score4.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application59

Nessus® Vulnerability Scanner

DateDescription
2015-12-10Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c2efcd469ed511e58f5c002590263bf5.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/66674
CONFIRM http://www.redmine.org/projects/redmine/wiki/Changelog
http://www.redmine.org/projects/redmine/wiki/Changelog_2_4
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce06160...
JVN http://jvn.jp/en/jp/JVN93004610/index.html
JVNDB http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html
MLIST http://seclists.org/oss-sec/2014/q2/84

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
DateInformations
2017-12-16 09:21:41
  • Multiple Updates
2017-12-01 12:05:39
  • Multiple Updates
2016-04-27 00:25:29
  • Multiple Updates
2015-12-11 13:25:50
  • Multiple Updates
2015-08-13 17:29:04
  • Multiple Updates
2015-08-07 17:26:11
  • Multiple Updates
2015-08-05 21:26:41
  • Multiple Updates
2015-05-21 00:27:01
  • Multiple Updates
2015-05-19 21:27:51
  • Multiple Updates
2015-05-16 09:26:45
  • Multiple Updates
2014-04-14 17:20:09
  • Multiple Updates
2014-04-11 21:22:17
  • First insertion