1
Candidate: CVE-2015-1042
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1042
5
https://www.mantisbt.org/bugs/view.php?id=17997
6
http://github.com/mantisbt/mantisbt/commit/d95f070d
8
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3
9
through 1.2.18 uses an incorrect regular expression, which allows remote
10
attackers to conduct open redirect and phishing attacks via a URL with a
11
":/" (colon slash) separator in the return parameter to login_page.php, a
12
different vulnerability than CVE-2014-6316.
21
upstream_mantis: needs-triage
22
lucid_mantis: ignored (reached end-of-life)
23
precise_mantis: ignored (reached end-of-life)
24
precise/esm_mantis: DNE (precise was needed)
28
vivid/stable-phone-overlay_mantis: DNE
29
vivid/ubuntu-core_mantis: DNE