CVE-2015-5241

Name of the Vulnerable Software and Affected Versions Apache jUDDI versions 3.1.2 through 3.1.5

Description The issue allows malicious users to redirect the browser to an unintended web page after logging out, potentially leading to unauthorized access or information disclosure. This occurs when using the portlets-based user interface in Apache jUDDI. User session data, credentials, and authentication tokens are cleared before the redirect.

Recommendations For Apache jUDDI versions 3.1.2 through 3.1.5, consider restricting access to the logout jsp page to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the portlets-based user interface, also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal', or 'uddi-console', to prevent potential redirects to unintended web pages.