CVE-2015-4398
Published Jun 16, 2015
Last updated 9 years ago
Overview
- Description
- Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:*:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "468543BB-7BF6-422C-A775-B0741E866577",
"versionEndIncluding": "6.x-1.11"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "5FA4E46D-F7D9-448D-B971-D8EE786EB3AC"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "EFA33F20-D932-42F3-84B0-9E55645D64D6"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "F56B3706-6AF5-42C9-A565-882AE03ADA9D"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "7683107F-23E1-4220-91FA-CFCDD2129AE1"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "698747A0-461D-409B-B9DE-9059CCF81AA8"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "05D4A651-2FFE-42D1-8412-4C3C4098995F"
},
{
"criteria": "cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "FF5CE8CA-69E1-465A-9F16-C96FB1E0F564"
}
],
"operator": "OR"
}
]
}
]