Task
Resolution: Won't Do
Medium
This call to javax.servlet.http.HttpServletResponse.sendRedirect() contains a "URL Redirection to Untrusted Site" (open redirect) flaw. Writing untrusted input into the redirect URL lets a request be sent to an attacker-chosen location, so a link that starts on the legitimate host ends on a phishing site that steals user credentials.
Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. For redirect targets that means an allow-list: either a site-relative path that begins with a single "/" (a leading "//" or "/\" is a protocol-relative URL and must be rejected), or an absolute URL whose scheme and host are explicitly permitted. A check that only looks for a leading "/" or for the expected domain as a substring is not sufficient.
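The vulnerable pattern the finding describes and one hardened form of it, as an added example that is not code from this issue or from the scanned application. The parameter name "next", the fallback path "/home", the ALLOWED_HOSTS set and the helper name safeRedirectTarget are assumptions chosen for illustration; the code assumes Java 11+ and the javax.servlet API named in the finding.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RedirectExample {

    // Vulnerable form: the request parameter flows straight into sendRedirect().
    // /login?next=https://attacker.example/ sends the user off-site after login.
    static void vulnerableRedirect(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String next = req.getParameter("next");
        resp.sendRedirect(next);
    }

    // Hardened form: the parameter is only used after validation; anything that
    // fails validation is replaced by a fixed local path.
    static void hardenedRedirect(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String next = req.getParameter("next");
        resp.sendRedirect(safeRedirectTarget(next, "/home"));
    }

    // Hosts an absolute redirect target may point at (assumed value for illustration).
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");

    // Returns target if it is a site-relative path or an https URL to an allowed
    // host, otherwise fallback. Validation is done on the raw string first because
    // java.net.URI normalizes some dangerous forms (e.g. "///evil.example" parses
    // with no authority but browsers resolve it as a protocol-relative URL).
    static String safeRedirectTarget(String target, String fallback) {
        if (target == null || target.isBlank()) {
            return fallback;
        }
        // Control characters, whitespace and backslashes have no place in a redirect
        // target; browsers treat "\" as "/" and CR/LF enabled header injection in
        // older containers.
        for (char c : target.toCharArray()) {
            if (c <= 0x20 || c == 0x7f || c == '\\') {
                return fallback;
            }
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return fallback;
        }
        // Case 1: site-relative path. Exactly one leading slash; "//host" is
        // protocol-relative and would leave the site.
        if (target.startsWith("/") && !target.startsWith("//")) {
            if (uri.getScheme() == null && uri.getAuthority() == null) {
                return target;
            }
            return fallback;
        }
        // Case 2: absolute URL. Only https, only an allow-listed host, and no
        // userinfo, so "https://app.example.com@evil.example/" is rejected.
        if ("https".equalsIgnoreCase(uri.getScheme())
                && uri.getHost() != null
                && uri.getUserInfo() == null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
            return target;
        }
        return fallback;
    }

    // Quick self-check with constructed inputs (no servlet container needed).
    public static void main(String[] args) {
        String[] inputs = {
            "/account/settings",                       // kept
            "https://app.example.com/dashboard",       // kept
            "https://attacker.example/",               // fallback: host not allowed
            "//attacker.example/",                     // fallback: protocol-relative
            "///attacker.example/",                    // fallback: browsers treat as //
            "/\\attacker.example/",                    // fallback: backslash
            "javascript:alert(1)",                     // fallback: scheme not https
            "https://app.example.com@attacker.example/", // fallback: userinfo trick
            null                                       // fallback: missing
        };
        for (String in : inputs) {
            System.out.println(in + " -> " + safeRedirectTarget(in, "/home"));
        }
    }
}
```

The allow-list check on the host deliberately uses equality rather than endsWith or contains: "app.example.com.attacker.example" and "attacker.example/?x=app.example.com" both pass a substring test and both leave the site.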
References:
CWE (http://cwe.mitre.org/data/definitions/601.html)
OWASP (http://www.owasp.org/index.php/Open_redirect)
WASC (http://webappsec.pbworks.com/URL-Redirector-Abuse)