Re: Re: CVE-2014-6316: URL redirection issue in MantisBT

[cve-assign () mitre org]

> During follow-up tests he performed on the fix for CVE-2014-6316 (which was 
> released in MantisBT 1.2.18), Alejo Popovici noticed [1] that the earlier fix 
> was only partial.
>
> With certain browsers (FF 34, Chrome 39 but not IE11) it is still possible to 
> effect a cross-domain redirection using a redirect address having a single 
> slash, e.g.
>
> - http://example.com/mantis/login_page.php?return=https:/google.com or
> - https://example.com/mantis/login_page.php?return=http:/google.com
>
> This is essentially the same vulnerability that was described in 
> CVE-2014-6316, but due to a different root cause (for which a patch will be 
> issued soon).
>
> I would like to know if I should be using the same CVE ID, or if a new one 
> needs to be issued.
>
> Thanks in advance.
>
> Damien Regad
> MantisBT Developer
>
>
> [1] https://www.mantisbt.org/bugs/view.php?id=17997

CVE creates separate identifiers if two bugs do not affect the same 
versions.  This can occur with incomplete fixes.  Since bug 17997 affects 
1.2.18 but CVE-2014-6316 does not, a separate CVE ID is used.

Use CVE-2015-1042.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]