Candidate: CVE-2015-6961
PublicDate: 2017-10-18 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6961
 https://github.com/web2py/web2py/issues/731
 https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0
Description:
 Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows
 remote attackers to redirect users to arbitrary web sites and conduct
 phishing attacks via a URL in the _next parameter to user/logout.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_web2py:
upstream_web2py: released (2.12.3-1)
precise/esm_web2py: DNE
trusty_web2py: ignored (reached end-of-life)
trusty/esm_web2py: DNE (trusty was needed)
xenial_web2py: not-affected (2.12.3-1)
zesty_web2py: not-affected (2.12.3-1)
artful_web2py: not-affected (2.12.3-1)
bionic_web2py: DNE
cosmic_web2py: DNE
disco_web2py: DNE
devel_web2py: DNE