5.8

CVE-2015-4398

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chaos Tool Suite ProjectCtools SwPlatformdrupal Version <= 6.x-1.11
Chaos Tool Suite ProjectCtools Version7.x-1.0 SwPlatformdrupal
Chaos Tool Suite ProjectCtools Version7.x-1.1 SwPlatformdrupal
Chaos Tool Suite ProjectCtools Version7.x-1.2 SwPlatformdrupal
Chaos Tool Suite ProjectCtools Version7.x-1.3 SwPlatformdrupal
Chaos Tool Suite ProjectCtools Version7.x-1.4 SwPlatformdrupal
Chaos Tool Suite ProjectCtools Version7.x-1.5 SwPlatformdrupal
Chaos Tool Suite ProjectCtools Version7.x-1.6 SwPlatformdrupal
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.33% 0.674
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.openwall.com/lists/oss-security/2015/03/22/35
https://www.drupal.org/node/2454883
Patch
https://www.drupal.org/node/2454909
Patch
Vendor Advisory
http://www.securityfocus.com/bid/73224
https://www.drupal.org/node/2454885
Patch