oss-sec mailing list archives
[CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits
From: Yusaku Sako <yusaku () hortonworks com>
Date: Tue, 13 Oct 2015 01:53:36 +0000
CVE-2015-5210: Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.7.0 to 2.1.1

Versions Fixed: 2.1.2

Description:
A redirect to an untrusted server is possible via unvalidated input that specifies a redirect URL upon successful login.

Mitigation:
Ambari users should upgrade to version 2.1.2 or above. Version 2.1.2 onwards redirect locations must be relative URLs.

References:
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
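The mitigation above restricts post-login redirect locations to relative URLs. The following is an added example, not Apache Ambari code and not part of the original advisory, of one way to enforce such a rule; it accepts only path-absolute references (a stricter subset of relative URLs), and the function names, the placeholder origin and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not Ambari's implementation). All names are hypothetical.
// Placeholder origin, used only so relative references can be parsed.
const BASE_ORIGIN = "https://ambari.invalid";

// Returns true only for a same-origin, path-absolute redirect target.
function isSafeRelativeRedirect(target) {
  if (typeof target !== "string" || target.length === 0) return false;
  // Browsers drop tab/CR/LF and treat "\" like "/" while parsing URLs,
  // so a value containing them may resolve differently than it reads.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return false;
  // Require exactly one leading "/". This rejects absolute URLs, any
  // scheme such as "javascript:", and scheme-relative "//host" forms.
  if (!target.startsWith("/") || target.startsWith("//")) return false;
  // Defense in depth: resolve against the base and confirm that the
  // origin is unchanged.
  let parsed;
  try {
    parsed = new URL(target, BASE_ORIGIN);
  } catch {
    return false;
  }
  return parsed.origin === BASE_ORIGIN;
}

// Returns the validated target, or a fixed fallback when validation fails.
function resolveRedirect(target, fallback = "/") {
  return isSafeRelativeRedirect(target) ? target : fallback;
}

// Constructed sample values for a redirect parameter such as targetURI.
const SAMPLES = [
  "/#/main/dashboard",           // relative, same origin
  "/views?tab=1",                // relative with query string
  "https://evil.example/login",  // absolute URL to another host
  "//evil.example/login",        // scheme-relative URL
  "/\\evil.example/login",       // backslash variant of "//"
  "/\t/evil.example/login",      // tab is stripped by URL parsers
  "javascript:void(0)",          // non-HTTP scheme
];

function checkSamples() {
  return SAMPLES.map((s) => [s, isSafeRelativeRedirect(s)]);
}

console.log(checkSamples());
```
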