CVE-2011-5252

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html	Exploit
http://orchard.codeplex.com/discussions/283667
http://secunia.com/advisories/47398	Vendor Advisory
http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/	Exploit
http://www.securityfocus.com/bid/51260	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html	Exploit
http://orchard.codeplex.com/discussions/283667
http://secunia.com/advisories/47398	Vendor Advisory
http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/	Exploit
http://www.securityfocus.com/bid/51260	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72110

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:orchardproject:orchard:1.0:::::::*
	cpe:2.3:a:orchardproject:orchard:1.0.20:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:orchardproject:orchard:1.1:::::::*
	cpe:2.3:a:orchardproject:orchard:1.1.30:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:orchardproject:orchard:1.2:::::::*
	cpe:2.3:a:orchardproject:orchard:1.2.41:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:orchardproject:orchard:1.3:::::::*
	cpe:2.3:a:orchardproject:orchard:1.3.9:::::::*
	cpe:2.3:a:orchardproject:orchard:1.3.10:::::::*

History

No history.

Information

Published : 2013-01-12 04:33

Updated : 2025-04-11 00:51

NVD link : CVE-2011-5252

Mitre link : CVE-2011-5252

CVE.ORG link : CVE-2011-5252

JSON object : View

Products Affected

orchardproject

orchard

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-5252", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-01-12T04:33:48.993", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://orchard.codeplex.com/discussions/283667", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47398", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51260", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://orchard.codeplex.com/discussions/283667", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47398", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51260", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en Users/Account/LogOff en Orchard 1.0.x anterior a 1.0.21, 1.1.x anterior a 1.1.31, 1.2.x anterior a 1.2.42, y 1.3.x anterior a 1.3.10, permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro ReturnUrl."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "822D03B1-1FC6-43BA-B031-EE622E8AAB16"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.0.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F549E56B-16A4-41E5-A6E4-59D954D8613C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orchardproject:orchard:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6F6CC14-867D-4573-B0FB-7FD6D82F1100"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.1.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BFF61D4-3E3B-4EC1-9B47-85A06D800109"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orchardproject:orchard:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFA6EB5-13A9-4D08-9228-AC5856BC4624"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.2.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA0B0316-055A-4DB1-AC20-30351C9FE980"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orchardproject:orchard:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4467A8-D305-41BE-BE2E-AD8C57C73E5B"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D73D90C-0E3B-43C4-9EB8-36FF8C63D50C"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F24BBF1A-E611-432C-870F-5E5970620559"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}