CVE-2015-5248: Input Validation
First published: Fri Oct 16 2015(Updated: )
A vulnerability was discovered in the Red Hat Mobile platform allowing a malicious attacker to utilize service for a reflected download attack. An attacker can craft a URL pointing to a file of their choosing that will, in certain browsers, appear to be downloaded from the Red Hat Mobile platform itself. Such a URL could be used in---for example---a spoof or spear-phishing e-mail to capitalize on user trust. Acknowledgements: Red Hat would like to thank Maciej Grela of Trustwave for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Feedhenry Enterprise Mobile Application Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/
- https://example.feedhenry.com/box/srv/1.1/app/init/install.cmd?_callback=start%20notepad.exe%0d%0a&_jsonpdata
- https://debug-url.feedhenry.net
- https://release-url.feedhenry.net
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
- https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
- https://www.modern.ie/en-us/virtualization-tools
- https://www.trustwave.com
- https://www.trustwave.com/spiderlabs
- https://bugzilla.redhat.com/show_bug.cgi?id=1272326
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-017/?fid=7150
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5248
- agent/tags
- agent/trending
- vendor/redhat
- canonical/redhat feedhenry enterprise mobile application platform