CVE-2015-5241 Vulnerability Details


CVE-2015-5241 Metadata Quick Info

CVE Published: 19/05/2017 | CVE Updated: 06/08/2024 | CVE Year: 2015
Source: apache | Vendor: Apache Software Foundation | Product: Apache jUDDI
Status: PUBLISHED

CVE-2015-5241 Description

After logging into the portal, the logout JSP page redirects the browser back to the login page. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets-based user interface, also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Open Redirect
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).