JBoss Enterprise Portal Platform 'initialURI' Parameter URI Redirection Vulnerability
BID:51078
Info
JBoss Enterprise Portal Platform 'initialURI' Parameter URI Redirection Vulnerability
| Bugtraq ID: | 51078 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-2941 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2011 12:00AM |
| Updated: | Dec 15 2011 12:00AM |
| Credit: | Christopher Hartley |
| Vulnerable: |
Red Hat JBoss Enterprise Portal Platform 5.1.9 |
| Not Vulnerable: |
Red Hat JBoss Enterprise Portal Platform 5.2.0 |
Discussion
JBoss Enterprise Portal Platform 'initialURI' Parameter URI Redirection Vulnerability
JBoss Enterprise Portal Platform is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid phishing attacks; other attacks are possible.
JBoss Enterprise Portal Platform versions prior to 5.2.0 are vulnerable.
JBoss Enterprise Portal Platform is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid phishing attacks; other attacks are possible.
JBoss Enterprise Portal Platform versions prior to 5.2.0 are vulnerable.
Exploit / POC
JBoss Enterprise Portal Platform 'initialURI' Parameter URI Redirection Vulnerability
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
JBoss Enterprise Portal Platform 'initialURI' Parameter URI Redirection Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
JBoss Enterprise Portal Platform 'initialURI' Parameter URI Redirection Vulnerability
References:
References: