CVE-2016-3174
Published: Dec 15, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as the redirection target. Users can be tricked into following a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
20160525 Open-Xchange Security Advisory 2016-05-25 (mailing-list, x_refsource_BUGTRAQ)