[CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits

[Yusaku Sako <yusaku () hortonworks com>]

CVE-2015-5210: Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.7.0 to 2.1.1

Versions Fixed: 2.1.2

Description: A redirect to an untrusted server is possible via unvalidated input that specifies a redirect URL upon 
successful login.

Mitigation: Ambari users should upgrade to version 2.1.2 or above. Version 2.1.2 onwards redirect locations must be 
relative URLs.

References: https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities