Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-26 | CVE-2016-3040 | Open Redirect vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0 IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
| 2016-09-18 | CVE-2016-0928 | Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 7.4 |
| 2016-08-08 | CVE-2016-5878 | Open Redirect vulnerability in IBM Filenet Workplace Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
| 2016-07-22 | CVE-2016-4604 | Open Redirect vulnerability in Apple Safari Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | 5.4 |
| 2016-07-19 | CVE-2016-5385 | Open Redirect vulnerability in multiple products PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | 8.1 |
| 2012-10-16 | CVE-2012-0518 | Open Redirect vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. | 4.7 |
| 2008-07-27 | CVE-2008-2951 | Open Redirect vulnerability in multiple products Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | 6.1 |
| 2008-05-02 | CVE-2008-2052 | Open Redirect vulnerability in Bitrix24 Bitrix Site Manager 6.5 Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | 6.1 |
| 2005-12-13 | CVE-2005-4206 | Open Redirect vulnerability in Blackboard Academic Suite 6.0.0.0/6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | 6.1 |