Open Redirect Vulnerability in Drupal by Acquia
CVE-2015-2749

6.1MEDIUM

Key Information:

Vendor

Drupal
Status
Drupal
Vendor
CVE Published:
13 September 2017

What is CVE-2015-2749?

An open redirect vulnerability has been identified in Drupal versions 6.x prior to 6.35 and 7.x prior to 7.35. This flaw allows remote attackers to manipulate the destination parameter, enabling them to redirect users to any arbitrary website. Such behavior poses significant risks, as it can be leveraged for phishing attacks, misleading users into providing sensitive information under false pretenses.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://cgit.drupalcode.org/drupal/commit/?id=d2304f840c43...
x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3200
vendor-advisoryx_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2015/03/26/4
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.