Nokia Electronic Documentation 5.0 - Connection redirection

EDB-ID:

23148


Author:

@stake

Type:

remote


Platform:

Windows

Date:

2003-09-15


source: https://www.securityfocus.com/bid/8625/info

A vulnerability has been discovered in Nokia Electronic Documentation (NED) that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to sufficiently verify hosts provided within specific HTTP requests. As a result, an attacker may be capable of making a request that would cause data to be redirected to a third party system.

This may allow an attacker to interact with an otherwise inaccessible system, or potentially hide the origin of attacks launched against other targets.

http://www.example.org/docs/NED?action=retrieve&location=http://www.target.com/