The security scanner detects the following Vulnerability for RHVM 4.2. :
3.2.15. Unvalidated Redirects and Forwards (spider-param-unchecked-redirect)
Description:
An open redirect vulnerability is an application that takes a parameter and redirects a user to the parameter value, such a Web site,
without validation. Attackers exploit this vulnerability with phishing e-mails that cause users to visit malicious sites inadvertently.
This is one of OWASP Top Ten flaws in the Code Injection category.
References:
OWASP-2010 : https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
OWASP-2013 : https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards
Vulnerability Solution:
Audit Report
If you cannot avoid user-controlled parameters when calculating the destination of the redirect or forward action, it is recommended that
you make any such parameters mapping values instead of actual URLs or portions of URLs.
Applications can use ESAPI to override the sendRedirect() method to make sure all redirect destinations are safe.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2019:1085