Redmine Open Redirect Vulnerability Fixed by 3.1.1


Description   A vulnerability has been identified in Redmine. A remote attacker could exploit it in order to redirect their victim to an arbitrary and potentially malicious webpage.

No further information is available.

Updated, 04/12/2015: The redmine packages provided by Debian Squeeze 6, Wheezy 7 and Jessie 8 are vulnerable.
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD) - All
GNU/Linux (Debian) - 6, 7, 8
Vulnerable Software:
Redmine (Redmine) - 3.0.0, 3.1.0
     
Solution   Fixed redmine packages for Debian Jessie 8 are available.
     
CVE   CVE-2015-8474
     
References   - Redmine : 3.1.1 (2015-09-20)
http://www.redmine.org/projects/redmine/wiki/Changelog
- Debian Security Tracker : redmine
https://security-tracker.debian.org/tracker/CVE-2015-8474
- FreeBSD ports status : redmine
http://portsmon.freebsd.org/portoverview.py?category=&portname=redmine&wildcard=
- VuXML : redmine -- open redirect vulnerability
http://www.vuxml.org/freebsd/3ec2e0bc-9ed7-11e5-8f5c-002590263bf5.html
- DSA 3529-1 : redmine security update
https://lists.debian.org/debian-security-announce/2016/msg00102.html
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     


 
 
 
 
Risk level   Low

Vulnerability First Public Report Date   2015-09-20

Target Type   Server

Possible exploit   Remote