Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 2.4.104, 2.5.139-beta
- None
Description
The attachment servlet performs a redirection based on data supplied by the end user without authorizing that this location is acceptable, leading to potential phishing attacks.
(From Ounce)
Issue Links
- is cloned by JSPWIKI-70 Ounce Labs Security Finding: Input Validation - Unchecked Redirect Leads To Phishing Attach Servlet (Closed)
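
The check the description says is missing, shown as an added example (it is not JSPWiki's actual fix and not code from this issue): validate a user-supplied redirect target before it is passed to `HttpServletResponse.sendRedirect`. The class name, host allowlist, fallback path and sample inputs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example, not JSPWiki code: class name, allowlist, fallback path and
// sample inputs are all constructed for illustration.
public class RedirectTargetCheck {
    static final Set<String> ALLOWED_HOSTS = Set.of("wiki.example.org");
    static final String FALLBACK = "/";

    /** Returns the requested target if acceptable, otherwise FALLBACK. */
    static String safeRedirectTarget(String requested) {
        if (requested == null || requested.isEmpty()) return FALLBACK;
        for (char c : requested.toCharArray()) {
            // Control characters enable header splitting; some browsers
            // treat a backslash like a forward slash.
            if (c < 0x20 || c == 0x7f || c == '\\') return FALLBACK;
        }
        URI u;
        try {
            u = new URI(requested);
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        if (u.getScheme() == null) {
            // Relative form: accept only a site-local absolute path.
            // "//host/..." is scheme-relative and leaves the site.
            boolean local = requested.startsWith("/") && !requested.startsWith("//")
                    && u.getRawAuthority() == null;
            return local ? requested : FALLBACK;
        }
        // Absolute form: http(s) only, and the parsed host must be allowlisted.
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        String host = u.getHost();
        boolean ok = (scheme.equals("http") || scheme.equals("https"))
                && host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        return ok ? requested : FALLBACK;
    }

    public static void main(String[] args) {
        String[] samples = { "/Wiki.jsp?page=Main", "https://wiki.example.org/Edit.jsp",
            "https://evil.example/login", "//evil.example/login",
            "https://wiki.example.org@evil.example/", "javascript:alert(1)" };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirectTarget(s));
        }
    }
}
```

The host comparison uses the parsed `URI.getHost()` value rather than a substring match on the raw string, so a target that only carries the trusted name in its userinfo part is still rejected.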