732342 – (CVE-2011-2941) CVE-2011-2941 JBoss Enterprise Portal Platform: open URL redirect

Bug 732342 (CVE-2011-2941) - CVE-2011-2941 JBoss Enterprise Portal Platform: open URL redirect

Summary: CVE-2011-2941 JBoss Enterprise Portal Platform: open URL redirect

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2011-2941
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	732343
TreeView+	depends on / blocked

Reported:	2011-08-22 05:09 UTC by David Jorm
Modified:	2021-02-24 14:53 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-12-15 00:52:26 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1822	0	normal	SHIPPED_LIVE	Moderate: JBoss Enterprise Portal Platform 5.2.0 update	2011-12-15 05:06:30 UTC

Description David Jorm 2011-08-22 05:09:09 UTC

An open URL redirect exists on the login page of JBoss Enterprise Portal Platform. This vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.

Acknowledgements:

Red Hat would like to thank Christopher Hartley of The Ohio State University for reporting this issue.

Comment 4 errata-xmlrpc 2011-12-15 00:06:49 UTC

This issue has been addressed in following products:

JBoss Enterprise Portal Platform 5.2.0

Via RHSA-2011:1822 https://rhn.redhat.com/errata/RHSA-2011-1822.html

Note You need to log in before you can comment on or make changes to this bug.