Severity: 6.5 MEDIUM
EPSS: 0.4% (top 39.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 5
Latest update: May 17

Description

A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to unauthorized information disclosure or credential theft.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-v4fr-cg8r-vwm7: Open redirect vulnerability in Spacewalk 1 (2022-05-17)
CVEList: Spacewalk: spacewalk: open redirect vulnerability enables phishing attacks via url parameter (2014-02-05)

📋 Vendor Advisories (1)

Red Hat: CVE-2011-1594: A flaw was found in Spacewalk, as used in Red Hat Network Satellite (2014-02-05)

💬 Community (1)

Bugzilla: CVE-2011-1594 RHN Satellite / Spacewalk: login page open redirect via url_bounce (2011-01-24)