CVE-2015-3232

Published: 22 June 2015

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

Priority

Low

Status

Package Release Status
drupal6
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(drupal7 only)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

drupal6-mod-cck
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

drupal7
Launchpad, Ubuntu, Debian
Upstream
Released (7.38-1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(7.38-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)