URL Redirection to Untrusted Site ('Open Redirect')

CVE-2016-3174

High

7.4/10

Summary

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-601 - Open Redirect

An open redirect attack employs a URL parameter, HTML refresh tags, or a DOM based location change to exploit the trust of a vulnerable domain to direct the users to a malicious website. The attack could lead to higher severity vulnerabilities such as unauthorized access control, account takeover, XSS, and more.

References

Advisory Timeline

Published Dec 15, 2016

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2016-3174

Summary

CWE-601 - Open Redirect

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS