製品・ソフトウェアに関する情報

JVN脆弱性詳細

phpBB におけるオープンリダイレクトの脆弱性

Title	phpBB におけるオープンリダイレクトの脆弱性
Summary	phpBB には、オープンリダイレクトの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 4, 2015, midnight
Registration Date	Oct. 12, 2017, 5:31 p.m.
Last Update	Oct. 12, 2017, 5:31 p.m.

Affected System

phpBB

phpBB 3.0.14 未満

phpBB 3.1.4 未満の 3.1.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-3880	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3880
National Vulnerability Database (NVD)
2	CVE-2015-3880	https://nvd.nist.gov/vuln/detail/CVE-2015-3880

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-601	https://cwe.mitre.org/data/definitions/601.html

ベンダー情報

No	Name	URL
Development Wiki
1	Release Highlights/3.0.14	https://wiki.phpbb.com/Release_Highlights/3.0.14
2	Release Highlights/3.1.4	https://wiki.phpbb.com/Release_Highlights/3.1.4
GitHub
3	Merge remote-tracking branch 'phpbb-security/ticket/security-180' into prep-release-3.0.14	https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
phpBB
4	phpBB 3.0.14 and 3.1.4 Release - Please Update	https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941

Change Log

No	Changed Details	Date of change
0	[2017年10月12日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-3880

Summary	Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Publication Date	Sept. 20, 2017, 12:29 a.m.
Registration Date	Jan. 26, 2021, 2:50 p.m.
Last Update	Nov. 21, 2024, 11:30 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2015/05/12/10	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2015/05/12/10	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/74592	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/74592	Third Party Advisory VDB Entry
5	https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04	Patch Third Party Advisory
6	https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04	Patch Third Party Advisory
7	https://wiki.phpbb.com/Release_Highlights/3.0.14	Third Party Advisory
8	https://wiki.phpbb.com/Release_Highlights/3.0.14	Third Party Advisory
9	https://wiki.phpbb.com/Release_Highlights/3.1.4	Third Party Advisory
10	https://wiki.phpbb.com/Release_Highlights/3.1.4	Third Party Advisory
11	https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941	Vendor Advisory
12	https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-601	オープンリダイレクト	https://cwe.mitre.org/data/definitions/601.html