CVE-2017-7266

NONE EPSS 57.1%
Published Mar 26, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter and then redirected to any domain it named, irrespective of the Host header.

Threat Intelligence

EPSS Exploit Probability
57.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-601

Affected Products 1

Vendor    Product            Version    Range
netflix   security_monkey    *          ≤0.7.0

References 4

  • securityfocus.com http://www.securityfocus.com/bid/97088
  • github.com https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
    Patch, Third Party Advisory
  • github.com https://github.com/Netflix/security_monkey/pull/482
    Third Party Advisory
  • github.com https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
    Release Notes, Third Party Advisory

Remediation

  • github.com https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
    Patch, Third Party Advisory