Published: 2012/11/02  Last Updated: 2012/11/02

Pebble vulnerable to open redirect


Pebble contains an open redirect vulnerability.

Products Affected

  • Pebble versions prior to 2.6.4


Pebble is an open source weblog system. Pebble contains an open redirect vulnerability.


When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.


Update the software
Update to the latest version according to the information provided by the developer.
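
The kind of check that prevents an open redirect, as an added example (it is not Pebble's code and not the change made in 2.6.4): a redirect target is accepted only if it is an absolute path on the site or an http(s) URL whose host is on an allowlist. The function name, the host blog.example and the sample targets are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this blog is served from (constructed sample value).
ALLOWED_HOSTS = frozenset({"blog.example"})


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return target if it stays on this site, otherwise default."""
    if not target:
        return default
    # Browsers strip whitespace/control characters and treat "\" like "/",
    # so "/\evil.example" or "/<TAB>/evil.example" can leave the site.
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return default  # malformed authority, e.g. an unclosed "["
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "///evil.example" parses with an empty host here, but browsers
        # skip the extra slashes and treat evil.example as the host.
        on_site = target.startswith("/") and not target.startswith("//")
        return target if on_site else default
    if parts.scheme not in ("http", "https") or host is None:
        return default  # javascript:, data:, "https:evil.example", "//host"
    # Compare the parsed host exactly; substring or prefix checks are
    # bypassed by "blog.example.evil.example" or "blog.example@evil.example".
    return target if host.lower() in allowed_hosts else default


if __name__ == "__main__":
    # Constructed sample targets, not taken from the advisory.
    for t in ("/2012/11/02/post.html", "https://blog.example/about",
              "//evil.example/", "http://blog.example@evil.example/"):
        print(repr(t), "->", repr(safe_redirect_target(t)))
```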

Vendor Status

Vendor: Pebble
Link: Pebble - Overview


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2012.11.02

Measures | Conditions | Severity
Access Required | can be attacked over the Internet using packets | High
Authentication | anonymous or no authentication (IP addresses do not count) | High
User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as clicking on a link or viewing a file | Mid
Exploit Complexity | the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious | High



Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2012-5170
JVN iPedia: JVNDB-2012-000100

Update History

Information under the section "Other Information" was modified.