Computer Associates Arcot WebFort VAS Unspecified URI Redirection Vulnerability

Computer Associates Arcot WebFort Versatile Authentication Server (VAS) is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting user follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are also possible.

Versions prior to Arcot WebFort VAS 6.2.5 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus