Open Redirect

medium Nessus Plugin ID 121040

Synopsis

The web application accepts a parameter value that allows redirects to unrestricted locations.

Description

The remote web application contains functionality to redirect to a specific URL. This functionality is not restricted to relative URLs within the application and could be leveraged by an attacker to fool an end user into believing that a malicious URL they were redirected to is valid.

Solution

Parameters that are used to dynamically redirect must be restricted to paths within the application. If relative paths are accepted, the base path should be explicitly prepended.

Plugin Details

Severity: Medium

ID: 121040

File Name: open_redirect.nbin

Version: 1.52

Type: remote

Family: CGI abuses

Published: 1/9/2019

Updated: 7/17/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Open redirect score

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests, Settings/ParanoidReport