Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-19 | CVE-2016-5385 | Open Redirect vulnerability in multiple products PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | 8.1 |
| 2012-10-16 | CVE-2012-0518 | Open Redirect vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. | 4.7 |
| 2008-07-27 | CVE-2008-2951 | Open Redirect vulnerability in multiple products Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | 6.1 |
| 2008-05-02 | CVE-2008-2052 | Open Redirect vulnerability in Bitrix24 Bitrix Site Manager 6.5 Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | 6.1 |
| 2005-12-13 | CVE-2005-4206 | Open Redirect vulnerability in Blackboard Academic Suite 6.0.0.0/6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | 6.1 |