CVE-2015-2750

General

Score: 5.8/10.0
Severity: Medium
Category: Input Validation Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2015-2559, CVE-2015-2749

Published on 13/09/17 - Updated on 20/09/17

Description

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

Category: Input Validation Error

CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Security Notices

US National Vulnerability Database: CVE-2015-2750
Debian: DSA-3200-1

Exploits

SecurityFocus: BID-73219

Related technologies

Vendor: debian, Product: debian_linux
Vendor: drupal, Product: drupal
