Vulnerability CVE-2015-2750


Published: 2017-09-13   Modified: 2017-09-20

Description:
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Drupal
Product: Drupal 
Version:
7.9
7.8
7.7
7.6
7.5
7.4
7.34
7.33
7.32
7.31
7.30
7.29
7.28
7.27
7.26
7.25
7.24
7.23
7.22
7.21
7.20
7.19
7.18
7.17
7.16
7.15
7.14
7.13
7.12
7.11
7.10
7.0
6.9
6.8
6.7
6.6
6.5
6.4
6.34
6.33
6.32
6.31
6.30
6.29
6.28
6.27
6.26
6.25
6.24
6.23
6.22
6.21
6.20
6.19
6.18
6.17
6.16
6.15
6.14
6.13
6.12
6.11
6.10
6.0

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8
http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93
http://www.debian.org/security/2015/dsa-3200
http://www.openwall.com/lists/oss-security/2015/03/26/4
http://www.securityfocus.com/bid/73219
https://www.drupal.org/SA-CORE-2015-001

Related CVE
CVE-2015-7943
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and ...
CVE-2015-7880
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
CVE-2017-6381
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies ...
CVE-2016-9452
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.

Copyright 2017, cxsecurity.com

 

Back to Top