Apache jUDDI is vulnerable to open redirect attacks. After a user logs out of the portal, the logout JSP page redirects to the login page, and a flaw in that redirect lets a malicious user send the browser to an unintended web page instead. The redirect happens after the user's session data, credentials and auth tokens have been cleared.
CPE

Name | Operator | Version |
---|---|---|
juddi_v3 parent | le | 3.1.5 |
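
One way to guard a post-logout redirect like the one described above is to accept only local paths before redirecting. This is an added example, not jUDDI's code or its fix. It assumes the target is derived from request input, which the advisory does not spell out; the class name, method name and the `/login.jsp` default are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class LogoutRedirectCheck {
    // Hypothetical default used whenever the requested target is rejected.
    static final String DEFAULT_TARGET = "/login.jsp";

    // Returns a value that is safe to hand to response.sendRedirect():
    // either a path on this application or the default target.
    static String safeTarget(String requested) {
        if (requested == null || requested.isEmpty()) {
            return DEFAULT_TARGET;
        }
        // Browsers treat '\' like '/' and drop tabs/newlines inside URLs,
        // so "/\host" or "/<TAB>/host" can end up pointing off-site.
        for (int i = 0; i < requested.length(); i++) {
            char c = requested.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return DEFAULT_TARGET;
            }
        }
        // Only absolute local paths: "/x" is fine, "//host" is scheme-relative.
        if (!requested.startsWith("/") || requested.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        try {
            // Defense in depth: the parsed form must carry no scheme or host.
            URI u = new URI(requested);
            if (u.getScheme() != null || u.getRawAuthority() != null) {
                return DEFAULT_TARGET;
            }
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // unparseable input is never redirected to
        }
        return requested;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = {
            "/login.jsp", "/home.jsp?tab=1", "https://example.org/",
            "//example.org/", "/\\example.org", "login.jsp", ""
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + safeTarget(s));
        }
    }
}
```

Only the first two samples pass through unchanged; every other input falls back to the default target.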