Lucene search
Redhat.comRH:CVE-2017-1000484HistoryJan 09, 2018 - 5:50 a.m.
CVE-2017-1000484
2018-01-0905:50:45
redhat.com
access.redhat.com
8
0.001 Low
EPSS
Percentile
31.5%
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don’t want to make it too easy for attackers by spelling it out here.)
Related
nvd
nvd
CVE-2017-1000484
2018-01-03 20:29:00
osv
osv
Plone Open Redirect
2019-01-04 17:47:21
PYSEC-2018-73
2018-01-03 20:29:00
CVE-2017-1000484
2018-01-03 20:29:00
prion
prion
Design/Logic Flaw
2018-01-03 20:29:00
cvelist
cvelist
CVE-2017-1000484
2022-10-03 16:23:10
cve
cve
CVE-2017-1000484
2022-10-03 16:23:10
veracode
veracode
Redirect Attacks
2018-01-04 02:59:16
github
github
Plone Open Redirect
2019-01-04 17:47:21
nessus
nessus
RHEL 5 : conga (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 5 : plone (Unpatched Vulnerability)
2024-05-11 00:00:00