Full Disclosure mailing list archives
java.com | Arbitrary URL Redirect Vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Sun, 24 Apr 2011 02:07:15 +0800
==================================
java.com | Arbitrary URL Redirect Vulnerability
==================================

1. VULNERABILITY DESCRIPTION

-> Arbitrary URL Redirect

http://java.com/inc/BrowserRedirect1.jsp?locale=en&host=attacker.in

Demo:
http://yehg.net/lab/pr0js/training/view/misc/java.com_Arbitrary_URL_Redirect/

2. VENDOR

Oracle Inc
http://www.oracle.com

3. VULNERABILITY STATUS

FIXED

4. DISCLOSURE TIME-LINE

2011-04-19: reported vendor
2011-04-23: vendor fixed the issue
2011-04-24: vulnerability disclosed

5. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/sites/java.com/[java.com]_url_redirection
OWASP-Top-10_2010-A10: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
SANS-TOP-23: http://www.sans.org/top25-software-errors/
CWE-601: http://cwe.mitre.org/data/definitions/601.html

#yehg [2011-04-24]

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
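Added example, not part of the original advisory and not Oracle's actual fix: one way to close a CWE-601 redirect driven by a `host` parameter, as in the URL above, is to accept only a bare hostname and compare it against an allowlist. The allowlist contents, the fallback URL, the function names and the assumption that the endpoint builds `http://<host>/` are all illustrative.

```python
import re
from urllib.parse import parse_qs

# Assumption: the only hosts this endpoint may send a browser to.
ALLOWED_HOSTS = frozenset({"java.com", "www.java.com"})
# Assumption: where to send the browser when the parameter is rejected.
FALLBACK = "http://java.com/"

# A bare DNS hostname: dot-separated labels of letters, digits and hyphens.
# Anything else ('@', '/', '\\', ':', whitespace, CR/LF) fails the match,
# so userinfo, path, port and header-splitting content never reach the URL.
_HOSTNAME = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def safe_redirect_host(value, allowed=ALLOWED_HOSTS):
    """Return the normalised host if it is exactly on the allowlist, else None."""
    if not value:
        return None
    host = value.lower()
    if host.endswith("."):          # "java.com." is the same name as "java.com"
        host = host[:-1]
    if not _HOSTNAME.fullmatch(host):
        return None
    # Exact membership, not suffix or substring matching, so look-alikes
    # such as "java.com.example" or "notjava.com" are refused.
    return host if host in allowed else None


def redirect_location(query_string):
    """Build the Location value for a request's raw query string."""
    params = parse_qs(query_string, keep_blank_values=True)
    values = params.get("host", [])
    # Repeated parameters are read differently by different parsers; refuse them.
    host = safe_redirect_host(values[0]) if len(values) == 1 else None
    return f"http://{host}/" if host else FALLBACK


if __name__ == "__main__":
    # Constructed sample query strings, including the one from the advisory.
    for qs in ("locale=en&host=attacker.in", "locale=en&host=www.java.com",
               "host=java.com@attacker.in", "host=java.com&host=attacker.in"):
        print(f"{qs!r:40} -> {redirect_location(qs)}")
```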