Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-5241

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.

Published

2017-05-19T19:29:00.180

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	juddi	3.1.2	Yes
Application	apache	juddi	3.1.3	Yes
Application	apache	juddi	3.1.4	Yes
Application	apache	juddi	3.1.5	Yes

References

http://juddi.apache.org/security.html Mitigation, Vendor Advisory ([email protected])
http://juddi.apache.org/security.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)