Date: Thu, 30 Aug 2012 11:35:13 -0400
From: Russell Bryant <>
Subject: Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next'
 parameter (CVE-2012-3540)

This advisory included the wrong CVE.  It was CVE-2012-3540.  Sorry
about that.

On 08/30/2012 11:10 AM, Russell Bryant wrote:
> OpenStack Security Advisory: 2012-012
> CVE: CVE-2012-3542

This should have been CVE-2012-3540

> Date: August 30, 2012
> Title: Open redirect through 'next' parameter
> Impact: Medium
> Reporter: Thomas Biege (SUSE)
> Products: Horizon
> Affects: Essex (2012.1)
> Description: Thomas Biege from SUSE reported a vulnerability in
> Horizon authentication mechanism. By adding a malicious 'next'
> parameter to a Horizon authentication URL and enticing an
> unsuspecting user to follow it, the victim might get redirected
> after authentication to a malicious site where useful information
> could be extracted. Only setups running Essex are affected.
> Fixes: 2012.1: 
>  References: 

This should have been:

> Notes: This fix will be included in a future Essex (2012.1)
> release.

-- 
Russell Bryant
OpenStack Vulnerability Management Team
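
An added example, not part of the original message and not the Horizon fix: one way to validate a post-login `next` value so the redirect cannot leave the site. The function names, the default path and the hostnames used to exercise it are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical names and values, chosen for this example only.
LOGIN_REDIRECT_DEFAULT = "/"


def is_safe_next(target, request_host, allowed_hosts=frozenset()):
    """Return True only if `target` keeps the browser on this site.

    `request_host` is the lowercase hostname the login page was served from;
    `allowed_hosts` optionally lists other trusted hostnames. Ports are ignored.
    """
    if not isinstance(target, str) or not target:
        return False
    # Browsers drop leading whitespace and control characters and treat '\'
    # like '/', so "/\host" or "\t//host" can leave the site. Reject them all.
    if target != target.strip() or "\\" in target:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path-absolute one. "//host" and
        # "///host" are scheme-relative to a browser, so they are refused.
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: http(s) only, and the host must be ours. urlsplit puts any
    # "user@" prefix in the userinfo, so "https://good@evil/" resolves to evil.
    if parts.scheme not in ("http", "https"):
        return False
    return parts.hostname in ({request_host} | set(allowed_hosts))


def resolve_next(target, request_host, allowed_hosts=frozenset()):
    """Redirect target to use after login: `target` if safe, else the default."""
    if is_safe_next(target, request_host, allowed_hosts):
        return target
    return LOGIN_REDIRECT_DEFAULT
```
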

