A URL redirection vulnerability in Skyhigh SWG in main releases 10.x before 10.2.9, 9.x before 9.2.20, 8.x before 8.2.27, and 7.x before 7.8.2.31, and controlled release 11.x before 11.1.3 allows a remote malicious user to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee web gateway |