CVE-2015-5241

MEDIUM

Apache jUDDI 3.1.2-3.1.5 - Open Redirect

Title source: llm

Description

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.

References (1)

[Mitigation, Vendor Advisory] http://juddi.apache.org/security.html

Scores

CVSS v3 6.1

EPSS 0.0296

EPSS Percentile 86.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (6)

apache/juddi

org.apache.juddi/juddi-client < 3.2.0Maven

Apache Software Foundation/Apache jUDDI < 3.1.2, 3.1.3, 3.1.4, and 3.1.5

Published May 19, 2017

Tracked Since Feb 18, 2026