ID CVE-2015-7943
Summary Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.
References
Vulnerable Configurations
  • Drupal 7.0
    cpe:2.3:a:drupal:drupal:7.0
  • Drupal 7.0 alpha1
    cpe:2.3:a:drupal:drupal:7.0:alpha1
  • Drupal 7.0 alpha2
    cpe:2.3:a:drupal:drupal:7.0:alpha2
  • Drupal 7.0 alpha3
    cpe:2.3:a:drupal:drupal:7.0:alpha3
  • Drupal 7.0 alpha4
    cpe:2.3:a:drupal:drupal:7.0:alpha4
  • Drupal 7.0 alpha5
    cpe:2.3:a:drupal:drupal:7.0:alpha5
  • Drupal 7.0 alpha6
    cpe:2.3:a:drupal:drupal:7.0:alpha6
  • Drupal 7.0 alpha7
    cpe:2.3:a:drupal:drupal:7.0:alpha7
  • Drupal 7.0 Beta 1
    cpe:2.3:a:drupal:drupal:7.0:beta1
  • Drupal 7.0 Beta 2
    cpe:2.3:a:drupal:drupal:7.0:beta2
  • Drupal 7.0 Beta 3
    cpe:2.3:a:drupal:drupal:7.0:beta3
  • Drupal 7.0 dev
    cpe:2.3:a:drupal:drupal:7.0:dev
  • Drupal 7.0 Release Candidate 1
    cpe:2.3:a:drupal:drupal:7.0:rc1
  • Drupal 7.0 Release Candidate 2
    cpe:2.3:a:drupal:drupal:7.0:rc2
  • Drupal 7.0 Release Candidate 3
    cpe:2.3:a:drupal:drupal:7.0:rc3
  • Drupal 7.0 Release Candidate 4
    cpe:2.3:a:drupal:drupal:7.0:rc4
  • Drupal 7.1
    cpe:2.3:a:drupal:drupal:7.1
  • Drupal 7.2
    cpe:2.3:a:drupal:drupal:7.2
  • Drupal 7.3
    cpe:2.3:a:drupal:drupal:7.3
  • Drupal 7.4
    cpe:2.3:a:drupal:drupal:7.4
  • Drupal 7.5
    cpe:2.3:a:drupal:drupal:7.5
  • Drupal 7.6
    cpe:2.3:a:drupal:drupal:7.6
  • Drupal 7.7
    cpe:2.3:a:drupal:drupal:7.7
  • Drupal 7.8
    cpe:2.3:a:drupal:drupal:7.8
  • Drupal 7.9
    cpe:2.3:a:drupal:drupal:7.9
  • Drupal 7.10
    cpe:2.3:a:drupal:drupal:7.10
  • Drupal 7.11
    cpe:2.3:a:drupal:drupal:7.11
  • Drupal 7.12
    cpe:2.3:a:drupal:drupal:7.12
  • Drupal 7.13
    cpe:2.3:a:drupal:drupal:7.13
  • Drupal 7.14
    cpe:2.3:a:drupal:drupal:7.14
  • Drupal 7.15
    cpe:2.3:a:drupal:drupal:7.15
  • Drupal 7.16
    cpe:2.3:a:drupal:drupal:7.16
  • Drupal 7.17
    cpe:2.3:a:drupal:drupal:7.17
  • Drupal 7.18
    cpe:2.3:a:drupal:drupal:7.18
  • Drupal 7.19
    cpe:2.3:a:drupal:drupal:7.19
  • Drupal 7.20
    cpe:2.3:a:drupal:drupal:7.20
  • Drupal 7.21
    cpe:2.3:a:drupal:drupal:7.21
  • Drupal 7.22
    cpe:2.3:a:drupal:drupal:7.22
  • Drupal 7.23
    cpe:2.3:a:drupal:drupal:7.23
  • Drupal 7.24
    cpe:2.3:a:drupal:drupal:7.24
  • Drupal 7.25
    cpe:2.3:a:drupal:drupal:7.25
  • Drupal 7.26
    cpe:2.3:a:drupal:drupal:7.26
  • Drupal 7.27
    cpe:2.3:a:drupal:drupal:7.27
  • Drupal 7.28
    cpe:2.3:a:drupal:drupal:7.28
  • Drupal 7.29
    cpe:2.3:a:drupal:drupal:7.29
  • Drupal 7.30
    cpe:2.3:a:drupal:drupal:7.30
  • Drupal 7.31
    cpe:2.3:a:drupal:drupal:7.31
  • Drupal 7.32
    cpe:2.3:a:drupal:drupal:7.32
  • Drupal 7.33
    cpe:2.3:a:drupal:drupal:7.33
  • Drupal 7.34
    cpe:2.3:a:drupal:drupal:7.34
  • Drupal 7.35
    cpe:2.3:a:drupal:drupal:7.35
  • Drupal 7.36
    cpe:2.3:a:drupal:drupal:7.36
  • Drupal 7.37
    cpe:2.3:a:drupal:drupal:7.37
  • Drupal Drupal 7.38
    cpe:2.3:a:drupal:drupal:7.38
  • Drupal 7.39
    cpe:2.3:a:drupal:drupal:7.39
  • Drupal 7.40
    cpe:2.3:a:drupal:drupal:7.40
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.0:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.0:-:-:-:-:drupal
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.1:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.1:-:-:-:-:drupal
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.2:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.2:-:-:-:-:drupal
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.3:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.3:-:-:-:-:drupal
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.4:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.4:-:-:-:-:drupal
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.5:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.5:-:-:-:-:drupal
  • cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.6:-:-:-:-:drupal
    cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.6:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.0:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.0:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.0:beta1:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.0:beta1:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.0:rc1:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.0:rc1:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.1:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.1:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.2:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.2:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.3:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.3:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.4:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.4:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.5:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.5:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.6:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.6:-:-:-:-:drupal
  • cpe:2.3:a:labjs_project:labjs:7.x-1.7:-:-:-:-:drupal
    cpe:2.3:a:labjs_project:labjs:7.x-1.7:-:-:-:-:drupal
CVSS
Base: 5.8
Impact:
Exploitability:
CWE CWE-601
CAPEC
  • Fake the Source of Data
    An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3897.NASL
    description Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. More information can be found at https://www.drupal.org/SA-CORE-2015-004 - CVE-2017-6922 Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files uploaded by anonymous users into a private file system can be accessed by other anonymous users leading to an access bypass vulnerability. More information can be found at https://www.drupal.org/SA-CORE-2017-003
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 101034
    published 2017-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101034
    title Debian DSA-3897-1 : drupal7 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-CCF2B449A9.NASL
    description drupal7-7.41-1.fc21 - 7.41. drupal7-7.41-1.fc22 - 7.41. drupal7-7.41-1.el5 - 7.41. drupal7-7.41-1.el6 - 7.41. drupal7-7.41-1.el7 - 7.41. drupal7-7.41-1.fc23 - 7.41. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 89411
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89411
    title Fedora 23 : drupal7-7.41-1.fc23 (2015-ccf2b449a9)
  • NASL family CGI abuses
    NASL id DRUPAL_7_41.NASL
    description The remote web server is running a version of Drupal that is 7.x prior to 7.41. It is, therefore, affected by an open redirect vulnerability in the Overlay module due to improper validation of URLs before displaying their contents. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect a victim from an intended legitimate website to an arbitrary website. This vulnerability can only be exploited against Drupal users who have both the 'Access the administrative overlay' permission and the Overlay module enabled. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86673
    published 2015-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86673
    title Drupal 7.x < 7.41 Overlay Module Open Redirect
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_75F394137A0011E5A2A1002590263BF5.NASL
    description Drupal development team reports : The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the 'Access the administrative overlay' permission, and that the Overlay module must be enabled. An incomplete fix for this issue was released as part of SA-CORE-2015-002.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 86587
    published 2015-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86587
    title FreeBSD : drupal -- open redirect vulnerability (75f39413-7a00-11e5-a2a1-002590263bf5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-CB94FD13D8.NASL
    description drupal7-7.41-1.fc21 - 7.41. drupal7-7.41-1.fc22 - 7.41. drupal7-7.41-1.el5 - 7.41. drupal7-7.41-1.el6 - 7.41. drupal7-7.41-1.el7 - 7.41. drupal7-7.41-1.fc23 - 7.41. ---- drupal7-7.40-1.fc21 - 7.40. drupal7-7.40-1.fc22 - 7.40. drupal7-7.40-1.el5 - 7.40. drupal7-7.40-1.el6 - 7.40. drupal7-7.40-1.el7 - 7.40. drupal7-7.40-1.fc23 - 7.40. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 89409
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89409
    title Fedora 22 : drupal7-7.41-1.fc22 (2015-cb94fd13d8)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-548.NASL
    description It was discovered that there was an open redirect vulnerability in drupal7, a content management framework. The 'Overlay' module in Drupal core displays administrative pages as a layer over the current page (using JavaScript) rather than replacing the page in the browser window. The module did not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. For Debian 7 'Wheezy', this issue has been fixed in drupal7 version 7.14-2+deb7u13. We recommend that you upgrade your drupal7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 92003
    published 2016-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92003
    title Debian DLA-548-1 : drupal7 security update
refmap via4
bid 77293
confirm https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical
debian DSA-3897
misc
Last major update 18-10-2017 - 14:29
Published 18-10-2017 - 14:29
Last modified 08-11-2017 - 10:49
Back to Top