Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5aDQtZzhwNS1qZ3E2
Moderate severity vulnerability that affects org.apache.juddi:juddi-client
After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.
Permalink: https://github.com/advisories/GHSA-49h4-g8p5-jgq6JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5aDQtZzhwNS1qZ3E2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-49h4-g8p5-jgq6, CVE-2015-5241
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-5241
- https://github.com/advisories/GHSA-49h4-g8p5-jgq6
- http://juddi.apache.org/security.html
Affected Packages
maven:org.apache.juddi:juddi-client
Dependent packages: 29Dependent repositories: 79
Downloads:
Affected Version Ranges: >= 3.1.2, <= 3.1.5
Fixed in: 3.2.0
All affected versions: 3.1.2, 3.1.3, 3.1.4, 3.1.5
All unaffected versions: 2.0.0, 2.0.1, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10