Bug 732342 (CVE-2011-2941)

Summary: CVE-2011-2941 JBoss Enterprise Portal Platform: open URL redirect
Product: [Other] Security Response
Reporter: David Jorm <djorm>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: mjc, myarboro, pjha, security-response-team, theute
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2011-12-15 00:52:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Blocks: 732343

Description David Jorm 2011-08-22 05:09:09 UTC
An open URL redirect exists on the login page of JBoss Enterprise Portal Platform. This vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.

Acknowledgements:

Red Hat would like to thank Christopher Hartley of The Ohio State University for reporting this issue.
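The defensive check that closes this class of bug is to treat the post-login redirect parameter as untrusted input and only follow it when it names a path inside the application. The following is an added illustration, not code from JBoss Enterprise Portal Platform or from the errata fix: it takes the parameter name initialURI from the report above, and everything else (the class, method names, default landing page and sample inputs) is assumed for the demonstration.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (not JBoss EPP code): validating a post-login redirect
 * target such as the initialURI parameter before issuing the redirect.
 * Only the parameter name comes from the bug report; the rest is an
 * assumption about how a login page might handle it.
 */
public final class RedirectTargetValidator {

    /** Assumed landing page used whenever the supplied target is not local. */
    private static final String DEFAULT_TARGET = "/portal/";

    private RedirectTargetValidator() {}

    /**
     * Returns true only if candidate is a path rooted in this application:
     * no scheme, no authority, and no protocol-relative "//" prefix.
     */
    public static boolean isLocalPath(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return false;
        }
        // Some browsers treat a backslash after the leading slash like a
        // second slash, which would turn the value into an off-site URL.
        if (candidate.indexOf('\\') >= 0) {
            return false;
        }
        // Control characters and whitespace have no place in a path.
        for (int i = 0; i < candidate.length(); i++) {
            if (candidate.charAt(i) <= ' ') {
                return false;
            }
        }
        // Must start with exactly one "/" (rooted, but not protocol-relative).
        if (!candidate.startsWith("/") || candidate.startsWith("//")) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return false;
        }
        // A same-site relative reference has neither scheme nor authority.
        return uri.getScheme() == null
            && uri.getRawAuthority() == null
            && uri.getRawPath() != null
            && uri.getRawPath().startsWith("/");
    }

    /** Returns the candidate if it is local, otherwise the default landing page. */
    public static String safeTarget(String candidate) {
        return isLocalPath(candidate) ? candidate : DEFAULT_TARGET;
    }

    public static void main(String[] args) {
        // Constructed sample values a login page might receive in initialURI.
        String[] inputs = {
            "/portal/private/classic",        // accepted: local path
            "/portal/page?x=1#frag",          // accepted: query and fragment are fine
            "https://other.example/login",    // rejected: absolute URL
            "//other.example/login",          // rejected: protocol-relative URL
            "/\\other.example",               // rejected: backslash variant
            "javascript:alert(1)",            // rejected: carries a scheme
            "portal/relative",                // rejected: not rooted at "/"
            null,                             // rejected: missing value
        };
        for (String in : inputs) {
            System.out.printf("%-32s -> %s%n", in, safeTarget(in));
        }
    }
}
```

The check deliberately rejects rather than tries to repair suspicious values: falling back to a fixed landing page is cheaper and safer than attempting to canonicalise an attacker-controlled string. If the application legitimately needs to send users to other hosts after login, the natural extension is an explicit allow-list of hostnames compared against `uri.getHost()`, never a prefix or substring match on the raw string.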

Comment 4 errata-xmlrpc 2011-12-15 00:06:49 UTC
This issue has been addressed in the following products:

JBoss Enterprise Portal Platform 5.2.0

Via RHSA-2011:1822 https://rhn.redhat.com/errata/RHSA-2011-1822.html