CVE-2015-3233

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Published Bysecalert@redhat.com

Published DateJun 22, 2015, 19:59

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
http://www.debian.org/security/2015/dsa-3291
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/75279
http://www.securityfocus.com/bid/75280
http://www.securityfocus.com/bid/75284
https://www.drupal.org/SA-CORE-2015-002
https://www.drupal.org/node/2507535
https://www.drupal.org/node/2507555
https://www.drupal.org/node/2507561
https://www.drupal.org/node/2507729
https://www.drupal.org/node/2507735
https://www.drupal.org/node/2507741

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE