Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-46

Attachment servlet performs unsafe redirection

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.4.104, 2.5.139-beta
    • 2.6.0
    • Core & storage
    • None

    Description

      The attachment servlet performs a redirection based on data supplied by the end user without authorizing that this location is acceptable, leading to potential phishing attacks.

      (From Ounce)

      Attachments

        Issue Links

          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. JSPWIKI-70 Ounce Labs Security Finding: Input Validation - Unchecked Redirect Leads To Phishing Attach Servlet

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              jalkanen Janne Jalkanen
              jalkanen Janne Jalkanen
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: