Description
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Remediation
References
Related Vulnerabilities
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)
WordPress Plugin ARI Adminer-WordPress Database Manager Cross-Site Request Forgery (1.1.13)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7128)
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9)