VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

BaseDraftLikelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 9 of 42
  • CVE-2018-10678MedMay 13, 2018
    risk 0.40cvss 6.1epss 0.01

    MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.

  • CVE-2018-1000174MedMay 8, 2018
    risk 0.40cvss 6.1epss 0.01

    An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.

  • CVE-2018-1248MedMay 8, 2018
    risk 0.40cvss 6.1epss 0.02

    RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to…

  • CVE-2017-18262MedApr 30, 2018
    risk 0.40cvss 6.1epss 0.01

    Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.

  • CVE-2017-0364MedApr 13, 2018
    risk 0.40cvss 6.1epss 0.01

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

  • CVE-2017-0363MedApr 13, 2018
    risk 0.40cvss 6.1epss 0.01

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

  • CVE-2017-7153MedApr 3, 2018
    risk 0.40cvss 6.1epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue…

  • CVE-2018-3819MedMar 30, 2018
    risk 0.40cvss 6.1epss 0.01

    The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

  • CVE-2018-8937MedMar 26, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.

  • CVE-2018-1220MedMar 8, 2018
    risk 0.40cvss 6.1epss 0.02

    EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.

  • CVE-2018-7473MedMar 7, 2018
    risk 0.40cvss 6.1epss 0.01

    Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.

  • CVE-2018-6324MedFeb 16, 2018
    risk 0.40cvss 6.1epss 0.01

    F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.

  • CVE-2017-8945MedFeb 15, 2018
    risk 0.40cvss 6.1epss 0.02

    A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.

  • CVE-2017-18178MedFeb 12, 2018
    risk 0.40cvss 6.1epss 0.02

    Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.

  • CVE-2018-6520MedFeb 2, 2018
    risk 0.40cvss 6.1epss 0.01

    SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.

  • CVE-2017-2166MedJan 26, 2018
    risk 0.40cvss 6.1epss 0.01

    Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2018-6200MedJan 25, 2018
    risk 0.40cvss 6.1epss 0.04

    vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.

  • CVE-2018-0097MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An…

  • CVE-2017-1534MedJan 10, 2018
    risk 0.40cvss 6.1epss 0.01

    IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL…

  • CVE-2017-1668MedJan 9, 2018
    risk 0.40cvss 6.1epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL…