Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-10 | CVE-2016-1000107 | Open Redirect vulnerability in Erlang Erlang/Otp inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 6.1 |
2019-12-10 | CVE-2016-1000108 | Open Redirect vulnerability in multiple products yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 6.1 |
2019-12-05 | CVE-2018-1002102 | Open Redirect vulnerability in multiple products Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. | 2.6 |
2019-11-27 | CVE-2016-1000110 | Open Redirect vulnerability in multiple products The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. | 6.1 |
2019-11-26 | CVE-2019-18451 | Open Redirect vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. | 6.1 |
2019-11-26 | CVE-2019-15688 | Open Redirect vulnerability in Kaspersky products Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. | 6.1 |
2019-11-26 | CVE-2019-14857 | Open Redirect vulnerability in Openidc MOD Auth Openidc A flaw was found in mod_auth_openidc before version 2.4.0.1. | 6.1 |
2019-11-22 | CVE-2014-2213 | Open Redirect vulnerability in Posh Project Posh Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php. | 6.1 |
2019-11-20 | CVE-2019-15073 | Open Redirect vulnerability in Openfind Mail2000 6.0/7.0 An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. | 6.1 |
2019-11-18 | CVE-2018-13257 | Open Redirect vulnerability in Blackboard Learn 20180702 The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | 6.1 |