Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2016-1000107 Open Redirect vulnerability in Erlang Erlang/Otp
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
erlang CWE-601
6.1
2019-12-10 CVE-2016-1000108 Open Redirect vulnerability in multiple products
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
yaws debian CWE-601
6.1
2019-12-05 CVE-2018-1002102 Open Redirect vulnerability in multiple products
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts.
network
high complexity
kubernetes fedoraproject CWE-601
2.6
2019-11-27 CVE-2016-1000110 Open Redirect vulnerability in multiple products
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
network
low complexity
python debian fedoraproject CWE-601
6.1
2019-11-26 CVE-2019-18451 Open Redirect vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature.
network
low complexity
gitlab CWE-601
6.1
2019-11-26 CVE-2019-15688 Open Redirect vulnerability in Kaspersky products
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site.
network
low complexity
kaspersky CWE-601
6.1
2019-11-26 CVE-2019-14857 Open Redirect vulnerability in Openidc MOD Auth Openidc
A flaw was found in mod_auth_openidc before version 2.4.0.1.
network
low complexity
openidc CWE-601
6.1
2019-11-22 CVE-2014-2213 Open Redirect vulnerability in Posh Project Posh
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.
network
low complexity
posh-project CWE-601
6.1
2019-11-20 CVE-2019-15073 Open Redirect vulnerability in Openfind Mail2000 6.0/7.0
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication.
network
low complexity
openfind CWE-601
6.1
2019-11-18 CVE-2018-13257 Open Redirect vulnerability in Blackboard Learn 20180702
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.
network
low complexity
blackboard CWE-601
6.1