Description
Checkmarx (SAST): Open_Redirect
Security Issue: Read More about Open_Redirect
Applications: app
Checkmarx Project: AsafOrgTesting/BookStore_Public
Repository URL: https://github.com/AsafOrgTesting/BookStore_Public
Branch: master
Scan ID: 7109c3be-17ec-47a6-b583-8cc51a26fdc2
The potentially tainted value provided by getRequestURI in /Header_jsp.java at line 400 is used as a destination URL by sendRedirect in /Header_jsp.java at line 400, potentially allowing attackers to perform an open redirection.
Result 1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. getRequestURI: /Header_jsp.java[400,134]
2. strValue: /Header_jsp.java[115,23]
3. strValue: /Header_jsp.java[117,10]
4. strValue: /Header_jsp.java[118,39]
5. encode: /Header_jsp.java[118,38]
6. toURL: /Header_jsp.java[400,112]
7. sendRedirect: /Header_jsp.java[400,30]
Review result in Checkmarx One: Open_Redirect