CVE-2012-3540

Publication date 5 September 2012

Last updated 24 July 2024

Ubuntu priority

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
horizon	12.04 LTS precise	Fixed 2012.1.3+stable~20120815-691dd2-0ubuntu1.1
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1565-1
OpenStack Horizon vulnerability
13 September 2012

Other references

http://www.openwall.com/lists/oss-security/2012/08/30
https://www.cve.org/CVERecord?id=CVE-2012-3540