CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mantis | Mantis | 1.0.0_rc3 | 1.0.0_rc3 |
Mantis | Mantis | 1.0.0_rc1 | 1.0.0_rc1 |
Mantis | Mantis | 1.0.0_rc2 | 1.0.0_rc2 |
Mantis | Mantis | 1.0.0a3 | 1.0.0a3 |
Mantis | Mantis | 1.0.0a1 | 1.0.0a1 |
Mantis | Mantis | 1.0.0a2 | 1.0.0a2 |