CVE-2011-5251

Current Description

Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.

Basic Data

Published: December 31, 2012
Last Modified: January 03, 2013
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
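    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Vbulletin | Vbulletin | 4.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | 4.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Vbulletin | Vbulletin | * | * | * | * | * | * | * | * | | 4.1.3 | |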

Vulnerable Software List

Vendor | Product | Versions
Vbulletin | Vbulletin | *, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1, 4.1.1, 4.1.2

References

http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441 (CONFIRM)