CVE-2016-3174

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev-26:*:*:*:*:*:*

History

No history.

Information

Published : 2016-12-15 06:59

Updated : 2023-12-10 12:01


NVD link : CVE-2016-3174

Mitre link : CVE-2016-3174

CVE.ORG link : CVE-2016-3174


JSON object : View

Products Affected

open-xchange

  • open-xchange_appsuite
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')