CVE-2015-5241: URL Redirection to Untrusted Site ('Open Redirect')

October 16, 2018 (updated September 1, 2021)

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as ‘Pluto’, ‘jUDDI Portal’, ‘UDDI Portal’ or ‘uddi-console’. User session data, credentials, and auth tokens are cleared before the redirect.

References

juddi.apache.org/security.html
github.com/advisories/GHSA-49h4-g8p5-jgq6
nvd.nist.gov/vuln/detail/CVE-2015-5241

Code Behaviors & Features

Detect and mitigate CVE-2015-5241 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →