CVE-2005-4521

Publication date 28 December 2005

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.

Status

Package Ubuntu Release Status
mantis 7.04 feisty
Fixed 0.19.4-2
6.10 edgy
Fixed 0.19.4-2
6.06 LTS dapper
Fixed 0.19.4-2

References

Other references

Access our resources on patching vulnerabilities