CVE-2015-5241
CVE-2015-5241
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
19 may 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.
Productos afectados
Apache Software Foundation · Apache jUDDI¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://juddi.apache.org/security.html