CVE-2015-6961 - Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect u

CVE-2015-6961

Summary

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.

References

https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0
https://github.com/web2py/web2py/issues/731

Vulnerable Configurations

cpe:2.3:a:web2py:web2py:2.9.11:*:*:*:*:*:*:*
cpe:2.3:a:web2py:web2py:2.9.11:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 31-10-2017 - 22:09)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

confirm

https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0
https://github.com/web2py/web2py/issues/731

Last major update

31-10-2017 - 22:09

Published

18-10-2017 - 20:29

Last modified

31-10-2017 - 22:09