Description
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
Remediation
References
http://struts.apache.org/release/2.3.x/docs/s2-017.html
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
http://www.securityfocus.com/bid/61196
Related Vulnerabilities
CVE-2014-0074 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2023-49376 Vulnerability in maven package com.jfinal:jfinal
CVE-2018-1000174 Vulnerability in maven package org.jenkins-ci.plugins:google-login
CVE-2022-34805 Vulnerability in maven package org.jenkins-ci.plugins:skype-notifier
CVE-2018-11040 Vulnerability in maven package org.springframework:spring-web