Lucene search
MitreCVELIST:CVE-2017-1000484HistoryJan 03, 2018 - 8:00 p.m.
CVE-2017-1000484
2018-01-0320:00:00
mitre
www.cve.org
4
plone cms
url redirect
security vulnerability
EPSS
0.001
Percentile
38.8%
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don’t want to make it too easy for attackers by spelling it out here.)
Related
nvd
nvd
CVE-2017-1000484
2018-01-03 20:29:00
redhatcve
redhatcve
CVE-2017-1000484
2018-01-09 05:50:45
github
github
Plone Open Redirect
2019-01-04 17:47:21
veracode
veracode
Redirect Attacks
2018-01-04 02:59:16
prion
prion
Design/Logic Flaw
2018-01-03 20:29:00
osv
osv
Plone Open Redirect
2019-01-04 17:47:21
PYSEC-2018-73
2018-01-03 20:29:00
CVE-2017-1000484
2018-01-03 20:29:00
cve
cve
CVE-2017-1000484
2018-01-03 20:29:00
nessus
nessus
RHEL 5 : conga (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 5 : plone (Unpatched Vulnerability)
2024-05-11 00:00:00