Detections
Analytics

CVE-2005-4521

medium

Description

CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.

References

http://www.vupen.com/english/advisories/2005/3064

http://www.securityfocus.com/bid/16046/

http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml

http://www.debian.org/security/2005/dsa-944

http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963

http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963

http://secunia.com/advisories/18481

http://secunia.com/advisories/18221

http://secunia.com/advisories/18181/

Details

Source: Mitre, NVD

Published: 2005-12-28

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01046