An open URL redirect exists on the login page of JBoss Enterprise Portal Platform. This vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.
Red Hat would like to thank Christopher Hartley of The Ohio State University for reporting this issue.
This issue has been addressed in the following products:
JBoss Enterprise Portal Platform 5.2.0
Via RHSA-2011:1822 https://rhn.redhat.com/errata/RHSA-2011-1822.html
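
The following is an added example, not code from Red Hat or from the portal itself: one way a login handler can restrict a post-login redirect parameter such as initialURI to paths on the same server. The class name, the safeTarget helper, the DEFAULT_TARGET fallback and the sample inputs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class InitialUriCheck {
    // Assumed fallback page; not a path taken from the advisory.
    static final String DEFAULT_TARGET = "/portal/";

    /** Returns the requested post-login target if it is a local path, else the fallback. */
    static String safeTarget(String initialURI) {
        if (initialURI == null || initialURI.isEmpty()) return DEFAULT_TARGET;
        // Reject control characters and backslashes; browsers may treat "\" as "/".
        for (char c : initialURI.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') return DEFAULT_TARGET;
        }
        // Only server-relative paths are allowed. "//host/..." is a
        // scheme-relative URL and would send the browser to another site.
        if (!initialURI.startsWith("/") || initialURI.startsWith("//")) return DEFAULT_TARGET;
        try {
            // Syntax check, plus a second look for a scheme or authority component.
            URI u = new URI(initialURI);
            if (u.isAbsolute() || u.getRawAuthority() != null) return DEFAULT_TARGET;
            return initialURI;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
    }

    public static void main(String[] args) {
        String[] samples = {            // constructed inputs
            "/portal/private/classic",  // local path: kept
            "http://phish.example/login",
            "//phish.example/login",
            "/\\phish.example",
            "https:phish.example",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s));
        }
    }
}
```

Only the first sample is returned unchanged; every other input falls back to DEFAULT_TARGET, so the login flow never issues a redirect to a host chosen by the request.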