Please login or register.

Login with username, password and session length


Remember SME Server is currently free to download and use. But it is not free to build. You can help by making a donation of time OR money from the links below.

Pages: [1]   Go Down

Author Topic: Security update, SME8.# SME9.# and SME10Alpha - bad redirection parameter  (Read 753 times)


  • Silver Supporter
  • *
  • Offline Offline
  • Posts: 789

Invalidated redirect - Possible account hijack via unvalidated redirect in the login URL 'back' parameter

Fixed in: e-smith-manager-2_6_0-14_el6_sme sme9
Fixed in: e-smith-manager-2_2_0-13_el5_sme sme8
Fixed in: e-smith-manager-2_8_0-15_el7_sme sme10

fix bad redirection parameter that might reveal session information to remote site, bugs 9920, 9923, 9924

Update is syncing to release mirrors now.

# yum update e-smith-manager or just a yum update
qui scribit bis legit
Pages: [1]   Go Up

Page created in 0.046 seconds with 24 queries.