Comment 4 for bug 1908576

Jason Stephenson (jstephenson) wrote (last edit ):

I'm setting this to confirmed because it was picked up in a scan conducted by SecurityMetrics:

The web application accepts a parameter value that allows redirects to unrestricted locations.

The remote web application contains functionality to redirect to a specific URL. This functionality is not restricted to relative URLs within the application and could be leveraged by an attacker to fool an end user into believing that a malicious URL they were redirected to is valid.

Parameters that are used to dynamically redirect must be restricted to paths within the application. If relative paths are accepted, the base path should be explicitly prepended.

The following parameters are vulnerable to open redirects: /eg/opac/temp_warn/postredirect_to
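The scan text above describes the fix only in words; the following is an added example (not Evergreen's code) of the check it calls for: a validator that confines a redirect parameter to the application's own path and explicitly prepends the base path to relative values. The base path `/eg/opac/`, the fallback landing page and the function name are assumptions for the example.

```python
import posixpath
from urllib.parse import urlsplit, urlunsplit

# Assumed values for this example: the application's base path and a
# fallback used whenever the supplied redirect value is rejected.
BASE_PATH = "/eg/opac/"
FALLBACK = "/eg/opac/home"


def safe_redirect_target(value, base_path=BASE_PATH, fallback=FALLBACK):
    """Return a redirect target confined to base_path, or the fallback.

    Absolute URLs, protocol-relative URLs (//host), backslash variants
    (/\\host), scheme-only values (javascript:...), control characters and
    dot-segment escapes (../) are rejected rather than repaired.
    """
    if not value:
        return fallback
    # Whitespace and control characters are a classic way to smuggle a
    # scheme or host past naive prefix checks; treat them as invalid.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return fallback
    # Browsers treat "/\host" like "//host", so normalise before parsing.
    candidate = value.replace("\\", "/")
    parts = urlsplit(candidate)
    # A scheme or network location means the target leaves this application.
    if parts.scheme or parts.netloc:
        return fallback
    path = parts.path
    # Relative path: explicitly prepend the base path, as the scan advises.
    if not path.startswith("/"):
        path = base_path + path
    # Resolve "." and ".." so "/eg/opac/../../admin" cannot escape the base.
    path = posixpath.normpath(path)
    root = base_path.rstrip("/")
    if path != root and not path.startswith(root + "/"):
        return fallback
    # Keep the query string and fragment, which cannot change the host.
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample values, including the kinds of input the scan warns about.
    for sample in ("results?query=cats", "//evil.example/phish",
                   "/eg/opac/../../admin", "javascript:alert(1)"):
        print(repr(sample), "->", safe_redirect_target(sample))
```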