Summary
This host is installed with OpenX and is prone to multiple open redirect vulnerabilities.
Impact
Successful exploitation will allow remote attackers to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://openx.com
Insight
Multiple errors exist because the application does not validate input passed via the 'dest' parameter to the adclick.php script and the '_maxdest' parameter to the ck.php script.
Affected
OpenX version 2.8.10 and probably prior
Detection
Send a crafted HTTP GET request and check whether it redirects to the malicious website.
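The same condition can be watched for passively in web server access logs. The following is an added example, not part of the advisory or of OpenX: it flags requests to the two scripts named under Insight whose redirect parameter points at a host outside an allowlist. It assumes combined-format access logs and that 'dest' and '_maxdest' arrive as ordinary query parameters; the request paths, hosts and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> redirect parameter, as named in the advisory.
WATCHED = {"adclick.php": "dest", "ck.php": "_maxdest"}
# Assumption: hosts this ad server is expected to redirect to.
ALLOWED_HOSTS = {"ads.example.com", "shop.example.com"}
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines in combined log format, not real traffic
    '192.0.2.10 - - [20/Feb/2015:10:00:01 +0000] "GET /openx/adclick.php?dest=http%3A%2F%2Fshop.example.com%2Fsale HTTP/1.1" 302 0',
    '192.0.2.11 - - [20/Feb/2015:10:00:05 +0000] "GET /openx/adclick.php?dest=http://unknown.example.net/login HTTP/1.1" 302 0',
    '192.0.2.12 - - [20/Feb/2015:10:00:09 +0000] "GET /openx/ck.php?_maxdest=%2F%2Foffsite.example.org%2F HTTP/1.1" 302 0',
    '192.0.2.13 - - [20/Feb/2015:10:00:12 +0000] "GET /index.php?dest=http://other.example.net/ HTTP/1.1" 200 512',
]

def redirect_host(value):
    """Return the host a redirect value points at, or None if it is site-relative."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    value = value.strip().replace("\\", "/")
    # hostname is also set for scheme-relative values such as //host/path.
    return urlsplit(value).hostname

def suspicious_redirects(log_lines, allowed=ALLOWED_HOSTS):
    """Return (script, host, line) for watched requests redirecting off the allowlist."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        script = target.path.rsplit("/", 1)[-1]
        param = WATCHED.get(script)
        if param is None:
            continue  # not one of the two scripts named in the advisory
        # parse_qs percent-decodes, so encoded and plain values are treated alike.
        for value in parse_qs(target.query).get(param, []):
            host = redirect_host(value)
            if host and host not in allowed:
                findings.append((script, host, line))
    return findings

if __name__ == "__main__":
    for script, host, line in suspicious_redirects(SAMPLE_LOG):
        print(f"{script}: off-site redirect to {host}: {line}")
```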
Classification
CVE: CVE-2014-2230
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N