Published: 13/09/2017 Updated: 20/09/2017

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 7.1
drupal drupal 7.2
drupal drupal 7.3
drupal drupal 7.16
drupal drupal 7.17
drupal drupal 7.18
drupal drupal 7.19
drupal drupal 7.33
drupal drupal 7.34
drupal drupal 7.0
drupal drupal 6.0
drupal drupal 6.6
drupal drupal 6.7
drupal drupal 6.8
drupal drupal 6.9
drupal drupal 6.10
drupal drupal 6.23
drupal drupal 6.24
drupal drupal 6.25
drupal drupal 6.26
drupal drupal 7.5
drupal drupal 7.7
drupal drupal 7.12
drupal drupal 7.14
drupal drupal 7.21
drupal drupal 7.23
drupal drupal 7.30
drupal drupal 7.32
drupal drupal 6.2
drupal drupal 6.4
drupal drupal 6.11
drupal drupal 6.13
drupal drupal 6.20
drupal drupal 6.22
drupal drupal 6.27
drupal drupal 6.29
drupal drupal 7.8
drupal drupal 7.9
drupal drupal 7.10
drupal drupal 7.11
drupal drupal 7.26
drupal drupal 7.25
drupal drupal 7.27
drupal drupal 7.28
drupal drupal 6.1
drupal drupal 6.15
drupal drupal 6.16
drupal drupal 6.17
drupal drupal 6.18
drupal drupal 6.31
drupal drupal 6.32
drupal drupal 6.33
drupal drupal 6.34
drupal drupal 7.4
drupal drupal 7.6
drupal drupal 7.13
drupal drupal 7.15
drupal drupal 7.20
drupal drupal 7.22
drupal drupal 7.24
drupal drupal 7.29
drupal drupal 7.31
drupal drupal 6.3
drupal drupal 6.5
drupal drupal 6.12
drupal drupal 6.14
drupal drupal 6.19
drupal drupal 6.21
drupal drupal 6.28
drupal drupal 6.30
debian debian linux 8.0
debian debian linux 9.0

CWE-601 https://www.drupal.org/SA-CORE-2015-001 http://www.securityfocus.com/bid/73219 http://www.openwall.com/lists/oss-security/2015/03/26/4 http://www.debian.org/security/2015/dsa-3200 http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93 http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8 https://nvd.nist.gov

CVE-2015-2750

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect