ambari-user mailing list archives

From Yusaku Sako <yus...@hortonworks.com>
Subject [CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits
Date Tue, 13 Oct 2015 01:53:36 GMT
CVE-2015-5210: Unvalidated Redirects and Forwards using targetURI parameter can enable phishing
exploits

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.7.0 to 2.1.1

Versions Fixed: 2.1.2

Description: A redirect to an untrusted server is possible via unvalidated input that specifies
a redirect URL upon successful login.

Mitigation: Ambari users should upgrade to version 2.1.2 or above. From version 2.1.2 onwards,
redirect locations must be relative URLs.

References: https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
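
The mitigation above (redirect locations must be relative URLs) can be enforced with a check like the one below. This is an added example, not Ambari's code and not part of the original advisory; `safeRedirectTarget`, `redirectAfterLogin` and the placeholder origin `http://ambari.invalid` are hypothetical names, and it assumes only targets beginning with a single `/` are accepted.

```javascript
// Added example: relative-only validation of a post-login redirect target.
// BASE is a placeholder origin used only for parsing; it is never contacted.
const BASE = new URL('http://ambari.invalid');

// Returns a normalized same-origin path (path + query + fragment) when the
// target is safe to redirect to, or null when it must be refused.
function safeRedirectTarget(targetURI) {
  // Only path-absolute references are accepted, so "https://...", "http:host"
  // and anything with leading whitespace are refused before parsing.
  if (typeof targetURI !== 'string' || targetURI[0] !== '/') return null;
  let url;
  try {
    // Parse the way a browser would: tabs and newlines are stripped and "\"
    // is treated as "/", so "//host", "/\host" and "/<TAB>/host" all resolve
    // to a different host here instead of slipping past a string comparison.
    url = new URL(targetURI, BASE);
  } catch (e) {
    return null; // unparseable input is never redirected to
  }
  if (url.origin !== BASE.origin) return null;
  // Emit the normalized form so the value sent is the value that was checked.
  const normalized = url.pathname + url.search + url.hash;
  // Dot-segment removal can leave a path starting with "//" (for example
  // "/..//host"), which would be scheme-relative if sent as a Location value.
  if (normalized.startsWith('//')) return null;
  return normalized;
}

// Falls back to a fixed landing page when the supplied target is refused.
function redirectAfterLogin(targetURI, fallback = '/') {
  const target = safeRedirectTarget(targetURI);
  return target === null ? fallback : target;
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  '/main/dashboard?tab=1#metrics',
  '/#/main/hosts',
  '//evil.example/login',
  '/\\evil.example',
  '/\t/evil.example',
  'https://evil.example/',
  '/..//evil.example',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', redirectAfterLogin(s));
}
```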