Open redirect vulnerability in Red Hat Network Satellite and Spacewalk software content management services allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.

Acknowledgements: Red Hat would like to thank Thomas Biege of the SuSE Security Team for reporting this issue.
The CVE identifier of CVE-2011-1594 has been assigned to this issue.
This is already public via SUSE advisory:
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00007.html
http://support.novell.com/security/cve/CVE-2011-1594.html
This issue has been addressed in the following products:
Red Hat Network Satellite Server v 5.4
Via RHSA-2011:1299 https://rhn.redhat.com/errata/RHSA-2011-1299.html
The issue has been addressed in Spacewalk master by commit e23b716fe82672c143177275799985ce56dc468d
CVE-2011-1594, 672167 - only local redirects are allowed
Fixed package: spacewalk-java-1.6.46-1
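
The commit summary above says only local redirects are allowed. One way to enforce that on a url_bounce-style parameter is sketched here as an added example; it is not the code from the Spacewalk commit, and the class, method and fallback names and the sample inputs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Illustrative only: class, method and fallback names are hypothetical.
public final class LocalRedirect {
    static final String FALLBACK = "/";  // assumed safe landing page

    // True only for same-site, path-absolute targets such as "/app/index.do?x=1".
    static boolean isLocal(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;                // absolute URLs and scheme-prefixed values
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Browsers treat '\' like '/' and drop tab/CR/LF, so reject them all.
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        if (target.startsWith("//")) {
            return false;                // scheme-relative: "//host/path" leaves the site
        }
        try {
            URI uri = new URI(target);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;                // unparseable input is never redirected to
        }
    }

    // Value to pass to the redirect call: the requested target or the fallback.
    static String resolve(String urlBounce) {
        return isLocal(urlBounce) ? urlBounce : FALLBACK;
    }

    public static void main(String[] args) {
        String[] constructed = {         // constructed sample inputs
            "/app/index.do?x=1", "http://example.com/", "//example.com/",
            "/\\example.com/", "/app\r\n/x", ""
        };
        for (String s : constructed) {
            System.out.println(isLocal(s) + " -> " + resolve(s));
        }
    }
}
```

Only the first constructed input is accepted; every other one resolves to the fallback rather than being passed to the redirect.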