CVE-2012-5647

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.8MEDIUM

EPSS

0.5%

top 35.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Origin Redhat Openshift

Timeline

PublishedFeb 24

Latest updateMay 17

Description

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDredhat/openshift_origin1.0.5

▶NVDredhat/openshift1.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v73g-25pc-vp6r: Open redirect vulnerability in node-util/www/html/restorer↗2022-05-17

▶

CVEList

CVE-2012-5647: Open redirect vulnerability in node-util/www/html/restorer↗2013-02-24

▶

📋Vendor Advisories

Red Hat

openshift-origin-node-util: restorer.php arbitrary URL redirection↗2013-01-08

▶

💬Community

Bugzilla

CVE-2012-5647 openshift-origin-node-util: restorer.php arbitrary URL redirection↗2012-12-18

▶