CVE-2017-7266
Published Mar 26, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted a "next" parameter and then redirected to any domain it specified, irrespective of the Host header.
Threat Intelligence
EPSS Exploit Probability
57.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-601
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| netflix | security_monkey | * | ≤0.7.0 |
References 4
- securityfocus.com http://www.securityfocus.com/bid/97088
- github.com https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
- github.com https://github.com/Netflix/security_monkey/pull/482
- github.com https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
Remediation
- github.com https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466