Drupal Core Overlay Module CVE-2015-7943 Incomplete Fix Open Redirection Vulnerability



Drupal is prone to an open-redirection vulnerability.

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

Note: This issue is the result of an incomplete fix for the issue described in 75284 (Drupal Core Overlay Module CVE-2015-3233 Open Redirection Vulnerability).

Information

Bugtraq ID: 77293
Class: Input Validation Error
CVE: CVE-2015-7943

Remote: Yes
Local: No
Published: Oct 21 2015 12:00AM
Updated: Jul 03 2017 02:05PM
Credit: Samuel Mortenson and Pere Orga of the Drupal Security Team
Vulnerable: Drupal LABjs 7.x-1.7
Drupal LABjs 7.x-1.6
Drupal LABjs 7.x-1.5
Drupal LABjs 7.x-1.4
Drupal LABjs 7.x-1.3
Drupal LABjs 7.x-1.2
Drupal LABjs 7.x-1.1
Drupal LABjs 7.x-1.0
Drupal jQuery Update 7.x-2.6
Drupal jQuery Update 7.x-2.5
Drupal jQuery Update 7.x-2.4
Drupal jQuery Update 7.x-2.3
Drupal jQuery Update 7.x-2.2
Drupal jQuery Update 7.x-2.1
Drupal jQuery Update 7.x-2.0
Drupal Drupal 7.9
Drupal Drupal 7.8
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.39
Drupal Drupal 7.38
Drupal Drupal 7.37
Drupal Drupal 7.36
Drupal Drupal 7.35
Drupal Drupal 7.34
Drupal Drupal 7.33
Drupal Drupal 7.32
Drupal Drupal 7.31
Drupal Drupal 7.30
Drupal Drupal 7.3
Drupal Drupal 7.29
Drupal Drupal 7.28
Drupal Drupal 7.27
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.20
Drupal Drupal 7.2
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.17
Drupal Drupal 7.16
Drupal Drupal 7.15
Drupal Drupal 7.14
Drupal Drupal 7.13
Drupal Drupal 7.12
Drupal Drupal 7.11
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64


Not Vulnerable: Drupal LABjs 7.x-1.8
Drupal jQuery Update 7.x-2.7
Drupal Drupal 7.41


Exploit


An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.


Related Posts

Comments