CVE-2015-2750
Published: 13 September 2017
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
From the Ubuntu security team
It was discovered that Drupal did not properly protect against open redirects. An attacker could use this vulnerability to send unsuspecting users to 3rd party sites and potentially carry out phishing attacks.
Priority
CVSS 3 base score: 6.1
Status
Package | Release | Status |
---|---|---|
drupal6 Launchpad, Ubuntu, Debian | artful | Does not exist |
 | bionic | Does not exist |
 | cosmic | Does not exist |
 | disco | Does not exist |
 | eoan | Does not exist |
 | lucid | Ignored (reached end-of-life) |
 | precise | Does not exist (precise was needed) |
 | trusty | Does not exist |
 | upstream | Released (6.35) |
 | utopic | Does not exist |
 | vivid | Does not exist |
 | wily | Does not exist |
 | xenial | Does not exist |
 | yakkety | Does not exist |
 | zesty | Does not exist |
drupal7 Launchpad, Ubuntu, Debian | artful | Not vulnerable (7.32-1+deb8u3) |
 | bionic | Does not exist |
 | cosmic | Does not exist |
 | disco | Does not exist |
 | eoan | Does not exist |
 | lucid | Does not exist |
 | precise | Does not exist (precise was needed) |
 | trusty | Does not exist (trusty was needed) |
 | upstream | Released (7.32-1+deb8u2) |
 | utopic | Released (7.32-1+deb8u4build0.14.10.1) |
 | vivid | Not vulnerable (7.32-1+deb8u3) |
 | wily | Not vulnerable (7.32-1+deb8u3) |
 | xenial | Not vulnerable (7.32-1+deb8u3) |
 | yakkety | Not vulnerable (7.32-1+deb8u3) |
 | zesty | Not vulnerable (7.32-1+deb8u3) |