目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-601 指向未可信站点的URL重定向(开放重定向) 类漏洞列表 722

CWE-601 指向未可信站点的URL重定向(开放重定向) 类弱点 722 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-601 属于开放重定向漏洞,指应用程序接受用户控制的输入并用于外部链接重定向。攻击者通常利用此缺陷构造恶意 URL,诱导用户点击以跳转至钓鱼或恶意网站,从而窃取凭证或传播恶意软件。开发者应避免直接使用用户输入作为重定向目标,需对目标域名进行白名单校验,或使用经过编码的内部标识符替代直接链接,确保重定向逻辑的安全可控。

MITRE CWE 官方描述
CWE:CWE-601 URL Redirection to Untrusted Site ('Open Redirect') 英文:Web 应用程序接受由用户控制的输入,该输入指定指向外部站点的链接,并在重定向中使用该链接。
常见影响 (2)
Access ControlBypass Protection Mechanism, Gain Privileges or Assume Identity
The user may be redirected to an untrusted page that contains malware which may then compromise the user's system. In some cases, an open redirect can also enable the immediate download of a file without the user's permission, because the r…
Access Control, Confidentiality, OtherBypass Protection Mechanism, Gain Privileges or Assume Identity, Other
By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam. The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phi…
缓解措施 (5)
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Architecture and DesignUse an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
Architecture and DesignWhen the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs. For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Architecture and DesignEnsure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).
Architecture and Design, ImplementationUnderstand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly throug…
代码示例 (2)
The following code obtains a URL from the query string and then redirects the user to that URL.
$redirect_url = $_GET['url']; header("Location: " . $redirect_url);
Bad · PHP
http://example.com/example.php?url=http://malicious.example.com
Attack
The following code is a Java servlet that will receive a GET request with a url parameter in the request to redirect the browser to the address specified in the url parameter. The servlet will retrieve the url parameter value from the request and send a response to redirect the browser to the url address.
public class RedirectServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String query = request.getQueryString(); if (query.contains("url")) { String url = request.getParameter("url"); response.sendRedirect(url); } } }
Bad · Java
<a href="http://bank.example.com/redirect?url=http://attacker.example.net">Click here to log in</a>
Attack · HTML
CVE ID标题CVSS风险等级Published
CVE-2022-0645 posthog 输入验证错误漏洞 — posthog/posthog 6.1 -2022-04-19
CVE-2020-25154 B. Braun Melsungen Ag B. Braun Melsungen AG SpaceCom 输入验证错误漏洞 — SpaceCom 5.4 Medium2022-04-14
CVE-2022-28215 SAP NetWeaver ABAP Server 输入验证错误漏洞 — SAP NetWeaver ABAP Server and ABAP Platform 4.7 -2022-04-12
CVE-2022-24794 Auth0 Express OpenId Connect 输入验证错误漏洞 — express-openid-connect 7.5 High2022-03-31
CVE-2005-10001 Broadcom Netegrity SiteMinder 输入验证错误漏洞 — SiteMinder 5.4 Medium2022-03-28
CVE-2022-24776 Flask-AppBuilder 输入验证错误漏洞 — Flask-AppBuilder 6.1 Medium2022-03-24
CVE-2022-1058 Gitea 输入验证错误漏洞 — go-gitea/gitea 6.1 -2022-03-24
CVE-2022-0165 WordPress plugin 输入验证错误漏洞 — Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme 6.1 -2022-03-14
CVE-2022-24739 AllTube Download 代码问题漏洞 — alltube 7.3 High2022-03-08
CVE-2021-41180 Nextcloud Talk 输入验证错误漏洞 — security-advisories 4.7 Medium2022-03-08
CVE-2022-0697 archivy 输入验证错误漏洞 — archivy/archivy 6.1 -2022-03-06
CVE-2022-0868 Medialize URI.js 输入验证错误漏洞 — medialize/uri.js 6.1 -2022-03-06
CVE-2022-0869 Github spirit 输入验证错误漏洞 — nitely/spirit 6.1 -2022-03-06
CVE-2021-3654 OpenStack 输入验证错误漏洞 — openstack-nova 6.1 -2022-03-02
CVE-2022-0692 AllTube Download 输入验证错误漏洞 — rudloff/alltube 6.1 -2022-02-21
CVE-2022-0597 Packagist microweber 输入验证错误漏洞 — microweber/microweber 6.1 -2022-02-15
CVE-2021-25033 WordPress 输入验证错误漏洞 — WordPress Newsletter Plugin – Noptin 6.1 -2022-02-14
CVE-2022-0560 Microweber 输入验证错误漏洞 — microweber/microweber 6.1 -2022-02-11
CVE-2022-23618 Xwiki Platform 输入验证错误漏洞 — xwiki-platform 4.7 Medium2022-02-09
CVE-2022-23102 Siemens SINEMA Remote Connect Server 输入验证错误漏洞 — SINEMA Remote Connect Server 6.1 -2022-02-09
CVE-2021-25074 WordPress plugin 输入验证错误漏洞 — WebP Converter for Media – Convert WebP and AVIF & Optimize Images 6.1 -2022-01-24
CVE-2021-25028 WordPress plugin 输入验证错误漏洞 — Event Tickets 6.1 -2022-01-24
CVE-2021-24838 WordPress plugin AnyComment 输入验证错误漏洞 — AnyComment 6.1 -2022-01-17
CVE-2021-38678 Qnap QcalAgent 输入验证错误漏洞 — QcalAgent 6.1 Medium2022-01-14
CVE-2021-44528 Rails Action Pack 输入验证错误漏洞 — https://github.com/rails/rails 6.1 -2022-01-07
CVE-2022-0122 Digital Bazaar Forge 输入验证错误漏洞 — digitalbazaar/forge 6.1 -2022-01-06
CVE-2022-21651 Shopware 输入验证错误漏洞 — shopware 6.8 Medium2022-01-05
CVE-2021-40852 Tcman Gim 输入验证错误漏洞 — GIM 6.1 Medium2021-12-17
CVE-2021-43812 Auth0 输入验证错误漏洞 — nextjs-auth0 6.4 Medium2021-12-16
CVE-2021-3829 Wordpress Easy Redirect Manager输入验证错误漏洞 — openwhyd/openwhyd 6.1 -2021-12-10

CWE-601(指向未可信站点的URL重定向(开放重定向)) 是常见的弱点类别,本平台收录该类弱点关联的 722 条 CVE 漏洞。