Forums | Mahara Community

Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2


Robert Lyon

17 January 2018, 17:14

The HTTP Strict Transport Security (HSTS) header is needed when the site uses HTTPS

Vuln type: man-in-the-middle attack
Impact: Redirection to incorrect site

Mahara 16.10 before 16.10.7, 17.04 before 17.04.5 and 17.10 before 17.10.2 using HTTPS are vulnerable to users going to an incorrect HTTP site.

Reported by: Kirtikumar Anandrao Ramchandani
Bug report: https://bugs.launchpad.net/mahara/+bug/1734767
CVE number: CVE-2017-17455
