CVE-2015-5241 - After logging into the portal, the logout jsp page redirects the browser back to the login page afte

CVE-2015-5241

Summary

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.

References

http://juddi.apache.org/security.html

Vulnerable Configurations

cpe:2.3:a:apache:juddi:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:juddi:3.1.5:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 31-05-2017 - 13:31)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

misc

http://juddi.apache.org/security.html

Last major update

31-05-2017 - 13:31

Published

19-05-2017 - 19:29

Last modified

31-05-2017 - 13:31