{"api_version":"1","generated_at":"2026-04-22T19:58:23+00:00","cve":"CVE-2011-1594","urls":{"html":"https://cve.report/CVE-2011-1594","api":"https://cve.report/api/cve/CVE-2011-1594.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-1594","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-1594"},"summary":{"title":"Spacewalk: spacewalk: open redirect vulnerability enables phishing attacks via url parameter","description":"A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to unauthorized information disclosure or credential theft.","state":"PUBLISHED","assigner":"redhat","published_at":"2014-02-05 18:55:04","updated_at":"2026-04-02 22:16:22"},"problem_types":["CWE-601","CWE-20","CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html","name":"http://www.redhat.com/support/errata/RHSA-2011-1299.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2011-1594","name":"https://access.redhat.com/security/cve/CVE-2011-1594","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=672167","name":"https://bugzilla.redhat.com/show_bug.cgi?id=672167","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"672167 – (CVE-2011-1594) CVE-2011-1594 RHN Satellite / Spacewalk: login page open redirect via url_bounce","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html","name":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Spacewalk-announce-list] Spacewalk 1.6 has been released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-1594","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1594","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-02T15:01:02.325Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2014-02-05T18:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"1594","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1594","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"spacewalk","cpe6":"1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2011","cve_id":"1594","cve":"CVE-2011-1594","epss":"0.003980000","percentile":"0.605540000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T22:28:41.926Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"},{"name":"RHSA-2011:1299","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=672167"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"rhn-client-tools","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"rhnsd","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"yum-rhn-plugin","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"rhnsd","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"yum-rhn-plugin","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"}],"datePublic":"2014-02-05T18:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to unauthorized information disclosure or credential theft."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T21:17:14.782Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2011-1594"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=672167"},{"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"}],"timeline":[{"lang":"en","time":"2026-04-02T15:01:02.325Z","value":"Reported to Red Hat."},{"lang":"en","time":"2014-02-05T18:00:00.000Z","value":"Made public."}],"title":"Spacewalk: spacewalk: open redirect vulnerability enables phishing attacks via url parameter","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2011-1594","datePublished":"2014-02-05T18:00:00.000Z","dateReserved":"2011-04-05T00:00:00.000Z","dateUpdated":"2026-04-02T21:17:14.782Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2014-02-05 18:55:04","lastModifiedDate":"2026-04-02 22:16:22","problem_types":["CWE-601","CWE-20","CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*","matchCriteriaId":"181F4E02-1FFA-4EFD-9DBF-3E23EFC200AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:spacewalk:1.6:*:*:*:*:*:*:*","matchCriteriaId":"F66E06D8-78D7-492A-992C-8A70B5C36A97"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"1594","Ordinal":"1","Title":"Spacewalk: spacewalk: open redirect vulnerability enables phishi","CVE":"CVE-2011-1594","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"1594","Ordinal":"1","NoteData":"A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to unauthorized information disclosure or credential theft.","Type":"Description","Title":"Spacewalk: spacewalk: open redirect vulnerability enables phishi"},{"CveYear":"2011","CveId":"1594","Ordinal":"2","NoteData":"2014-02-05","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"1594","Ordinal":"3","NoteData":"2014-02-05","Type":"Other","Title":"Modified"}]}}}