CVE-2016-3174

HIGH Year: 2016
CVSS v3 Score
7.4
High
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.

Related Vulnerabilities

CVE-2016-0928

HIGH
CVSS:7.4(High)

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct p...

CWE-6012016

CVE-2016-1000001

HIGH
CVSS:7.4(High)

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect

CWE-6012016

CVE-2016-6657

HIGH
CVSS:7.4(High)

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runti...

CWE-6012016

CVE-2017-18414

HIGH
CVSS:7.4(High)

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

CWE-6012017

CVE-2017-3085

HIGH
CVSS:7.4(High)

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CWE-6012017

CVE-2019-4166

HIGH
CVSS:7.4(High)

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit...

CWE-6012019