Date: Tue, 13 Oct 2015 01:53:36 +0000
From: Yusaku Sako <yusaku@...tonworks.com>
To: Robert Levas <rlevas@...tonworks.com>, "user@...ari.apache.org"
	<user@...ari.apache.org>, "dev@...ari.apache.org" <dev@...ari.apache.org>,
	"security@...che.org" <security@...che.org>,
	"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits

CVE-2015-5210: Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.7.0 to 2.1.1

Versions Fixed: 2.1.2

Description: A redirect to an untrusted server is possible via unvalidated input that specifies a redirect URL upon successful login.

Mitigation: Ambari users should upgrade to version 2.1.2 or above. From version 2.1.2 onwards, redirect locations must be relative URLs.

References: https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
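The fix described above (post-login redirect targets restricted to relative URLs) can be checked with a small allow-list validator. The following is an added example, not code from Ambari or the advisory; the function names, the `/` default landing page and the "path-absolute only" policy are assumptions, and it also rejects the protocol-relative and backslash forms that a naive "does not start with http" check would let through.

```python
from urllib.parse import urlsplit

# Added example (not Ambari's own code): enforce the CVE-2015-5210 mitigation
# that a post-login redirect target must be a relative URL on this site.

DEFAULT_LANDING = "/"  # assumption: where a user goes when the target is rejected


def is_safe_relative_redirect(target: str) -> bool:
    """Return True only if `target` is a path-absolute, same-site relative URL."""
    if not target:
        return False
    # Control characters and whitespace are rejected outright: browsers strip
    # some of them (tabs, newlines) and can turn a harmless-looking string into
    # an absolute URL after normalisation.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat backslashes as forward slashes, so "/\evil.example"
    # is really "//evil.example"; normalise before inspecting.
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:  # e.g. malformed bracketed host; not a safe target
        return False
    # A scheme ("http:", "javascript:") or an authority ("//host") means the
    # target is not the relative URL the advisory requires.
    if parts.scheme or parts.netloc:
        return False
    # Policy (assumption): only path-absolute targets such as "/views/x" are
    # accepted; "//" is rejected again here in case urlsplit ever changes.
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_login_redirect(target, default=DEFAULT_LANDING):
    """Pick the location to send a user to after login: the requested target
    if it passes validation, otherwise the fixed default landing page."""
    if target is not None and is_safe_relative_redirect(target):
        return target
    return default
```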
