Executive Summary

Informations
Name CVE-2014-6316 First vendor Publication 2014-12-12
Vendor Cve Last vendor Modification 2017-09-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score 5.8 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6316

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 76

Nessus® Vulnerability Scanner

Date Description
2015-01-22 Name : The remote web server contains a PHP application that is affected by multiple...
File : mantis_1_2_18.nasl - Type : ACT_GATHER_INFO
2015-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3120.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-16504.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-16546.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-16609.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/71478
CONFIRM https://github.com/mantisbt/mantisbt/commit/e66ecc9f
https://www.mantisbt.org/bugs/view.php?id=17648
DEBIAN http://www.debian.org/security/2015/dsa-3120
MLIST http://seclists.org/oss-sec/2014/q4/931
http://www.openwall.com/lists/oss-security/2014/12/03/11
SECUNIA http://secunia.com/advisories/62101
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/99128

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Date Informations
2024-02-02 01:28:41
  • Multiple Updates
2024-02-01 12:08:27
  • Multiple Updates
2023-09-05 12:27:11
  • Multiple Updates
2023-09-05 01:08:19
  • Multiple Updates
2023-09-02 12:27:11
  • Multiple Updates
2023-09-02 01:08:27
  • Multiple Updates
2023-08-12 12:29:37
  • Multiple Updates
2023-08-12 01:07:56
  • Multiple Updates
2023-08-11 12:25:19
  • Multiple Updates
2023-08-11 01:08:09
  • Multiple Updates
2023-08-06 12:24:35
  • Multiple Updates
2023-08-06 01:07:55
  • Multiple Updates
2023-08-04 12:24:39
  • Multiple Updates
2023-08-04 01:07:59
  • Multiple Updates
2023-07-14 12:24:38
  • Multiple Updates
2023-07-14 01:07:58
  • Multiple Updates
2023-03-29 01:26:26
  • Multiple Updates
2023-03-28 12:08:18
  • Multiple Updates
2022-10-11 12:22:13
  • Multiple Updates
2022-10-11 01:08:07
  • Multiple Updates
2021-05-04 12:33:36
  • Multiple Updates
2021-04-22 01:40:22
  • Multiple Updates
2021-01-13 12:12:20
  • Multiple Updates
2021-01-13 01:12:27
  • Multiple Updates
2020-05-23 01:52:58
  • Multiple Updates
2020-05-23 00:42:02
  • Multiple Updates
2017-09-08 09:23:08
  • Multiple Updates
2017-01-03 09:22:54
  • Multiple Updates
2016-04-27 01:09:02
  • Multiple Updates
2015-12-02 17:26:09
  • Multiple Updates
2015-10-20 13:24:48
  • Multiple Updates
2015-01-23 13:24:40
  • Multiple Updates
2015-01-16 13:24:50
  • Multiple Updates
2015-01-15 13:23:23
  • Multiple Updates
2015-01-11 09:22:16
  • Multiple Updates
2015-01-09 13:26:16
  • Multiple Updates
2014-12-23 13:26:36
  • Multiple Updates
2014-12-13 00:23:08
  • Multiple Updates
2014-12-12 17:22:04
  • First insertion