Wednesday, 11 February 2015

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

examine_binary-300x215



Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7294
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]



http://www.inzeed.com/kaleidoscope/open-redirect/cve-2014-7294-nyu-opensso-integration-open-redirect-security-vulnerability/

No comments:

Post a Comment