An open URL redirect exists on the login page of JBoss Enterprise Portal Platform. This vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.

Acknowledgements: Red Hat would like to thank Christopher Hartley of The Ohio State University for reporting this issue.
This issue has been addressed in the following products:

JBoss Enterprise Portal Platform 5.2.0

via RHSA-2011:1822 https://rhn.redhat.com/errata/RHSA-2011-1822.html
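A server-side check of the kind that closes an open redirect on a post-login parameter such as initialURI, as an added example; it is not Red Hat's fix and not code from the product. The class name `InitialUriCheck`, the method `safeTarget` and the default landing path are assumptions made for illustration, and the sample inputs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class InitialUriCheck {
    // Assumed default landing page; not taken from the product.
    static final String DEFAULT_TARGET = "/portal/";

    /** Returns the post-login redirect target: the supplied value if it is a
     *  path on this host, otherwise the default. */
    static String safeTarget(String initialURI) {
        if (initialURI == null || initialURI.isEmpty()) return DEFAULT_TARGET;
        // Browsers may treat '\' like '/', and control characters can split
        // or rewrite the Location header, so reject both outright.
        for (int i = 0; i < initialURI.length(); i++) {
            char c = initialURI.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) return DEFAULT_TARGET;
        }
        // Only a single leading slash is a local path; "//host" is
        // scheme-relative and would leave the site.
        if (!initialURI.startsWith("/") || initialURI.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        try {
            URI u = new URI(initialURI);
            // Redundant with the prefix checks above, kept as a second line
            // of defence: no scheme and no authority component allowed.
            if (u.isAbsolute() || u.getRawAuthority() != null) return DEFAULT_TARGET;
            return initialURI;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // unparsable input is never redirected to
        }
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "/portal/private/classic",  // local path: accepted
            "http://example.com/",      // absolute URL: rejected
            "//example.com/",           // scheme-relative: rejected
            "/\\example.com",           // backslash trick: rejected
            "portal/private",           // not rooted: rejected
            null                        // missing parameter: default
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s));
        }
    }
}
```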