CWE-698
Execution After Redirect (EAR)
Description
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
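As an added illustration (not part of the CWE entry), a minimal Python model of the weakness beside its fix; the `Response` type, the handler names and the `ADMIN_SECRETS` value are constructed for this example:

```python
"""Execution After Redirect (CWE-698): vulnerable handler next to the fixed one.

Added example, not taken from the CWE entry. The response type and the
ADMIN_SECRETS value are constructed for illustration.
"""
from dataclasses import dataclass, field

ADMIN_SECRETS = "db_password=hunter2"  # constructed sample of protected data


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""


def redirect(resp, location):
    """Mimic a framework's redirect helper: it only sets the status and
    Location header. It does NOT stop the handler from running further."""
    resp.status = 302
    resp.headers["Location"] = location


def admin_page_vulnerable(session):
    """Performs the authorization check but keeps executing after the redirect."""
    resp = Response()
    if not session.get("is_admin"):
        redirect(resp, "/login")
        # BUG (CWE-698): no return here, so the protected content is still
        # rendered into a 302 response that any client can read.
    resp.body = "<h1>Admin panel</h1>" + ADMIN_SECRETS
    return resp


def admin_page_fixed(session):
    """Terminates the handler immediately after issuing the redirect."""
    resp = Response()
    if not session.get("is_admin"):
        redirect(resp, "/login")
        return resp  # nothing after the redirect executes
    resp.body = "<h1>Admin panel</h1>" + ADMIN_SECRETS
    return resp


def leaks_protected_data(resp):
    """Defensive check: a 3xx redirect must never carry protected content."""
    return 300 <= resp.status < 400 and ADMIN_SECRETS in resp.body
```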
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Alter Execution Logic, Execute Unauthorized Code or Commands
CVE-2013-1402: Execution-after-redirect allows access to application configuration details.
CVE-2009-1936: Chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.
CVE-2007-2713: Remote attackers can obtain access to administrator functionality through EAR.
CVE-2007-4932: Remote attackers can obtain access to administrator functionality through EAR.
CVE-2007-5578: Bypass of authentication step through EAR.
CVE-2007-2713: Chain: Execution after redirect triggers eval injection.
CVE-2007-6652: Chain: execution after redirect allows non-administrator to perform static code injection.
Applicable Platforms