Published: 2012/11/02  Last Updated: 2012/11/02

JVN#55398821
Pebble vulnerable to open redirect

Overview

Pebble contains an open redirect vulnerability.

Products Affected

  • Pebble versions prior to 2.6.4

Description

Pebble is an open source weblog system. Pebble contains an open redirect vulnerability.

Impact

When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor: Pebble
Link: Pebble - Overview

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2012.11.02

Access Required
  • Conditions: can be attacked over the Internet using packets
  • Severity: High
Authentication
  • Conditions: anonymous or no authentication (IP addresses do not count)
  • Severity: High
User Interaction Required
  • Conditions: the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Severity: Mid
Exploit Complexity
  • Conditions: the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious
  • Severity: High

Description of each analysis measure

Credit

Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2012-5170
JVN iPedia: JVNDB-2012-000100

Update History

2012/11/02
Information under the section "Other Information" was modified.