Home > Vulnerability Database > CVE-2017-7266

Mend.io Vulnerability Database

CVE-2017-7266

Good to know:

Date: March 26, 2017

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.

Language: Python

Severity Score

4.8

Related Resources (8)

Url: https://github.com/Netflix/security_monkey/releases/tag/v0.8.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-7266

Url: https://github.com/Netflix/security_monkey/pull/482

Url: https://web.archive.org/web/20201220170714/http://www.securityfocus.com/bid/97088

Url: https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466

Url: http://www.securityfocus.com/bid/97088

Url: https://github.com/Netflix/security_monkey

Url: https://www.mend.io/vulnerability-database/CVE-2017-7266

Severity Score

4.8

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version 0.8.0

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-7266

Good to know:

Date: March 26, 2017

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?