ID CVE-2015-3233
Summary Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Vulnerable Configurations
  • Drupal 7.0
    cpe:2.3:a:drupal:drupal:7.0
  • Drupal 7.0 alpha1
    cpe:2.3:a:drupal:drupal:7.0:alpha1
  • Drupal 7.0 alpha2
    cpe:2.3:a:drupal:drupal:7.0:alpha2
  • Drupal 7.0 alpha3
    cpe:2.3:a:drupal:drupal:7.0:alpha3
  • Drupal 7.0 alpha4
    cpe:2.3:a:drupal:drupal:7.0:alpha4
  • Drupal 7.0 alpha5
    cpe:2.3:a:drupal:drupal:7.0:alpha5
  • Drupal 7.0 alpha6
    cpe:2.3:a:drupal:drupal:7.0:alpha6
  • Drupal 7.0 alpha7
    cpe:2.3:a:drupal:drupal:7.0:alpha7
  • Drupal 7.0 Beta 1
    cpe:2.3:a:drupal:drupal:7.0:beta1
  • Drupal 7.0 Beta 2
    cpe:2.3:a:drupal:drupal:7.0:beta2
  • Drupal 7.0 Beta 3
    cpe:2.3:a:drupal:drupal:7.0:beta3
  • Drupal 7.0 dev
    cpe:2.3:a:drupal:drupal:7.0:dev
  • Drupal 7.0 Release Candidate 1
    cpe:2.3:a:drupal:drupal:7.0:rc1
  • Drupal 7.0 Release Candidate 2
    cpe:2.3:a:drupal:drupal:7.0:rc2
  • Drupal 7.0 Release Candidate 3
    cpe:2.3:a:drupal:drupal:7.0:rc3
  • Drupal 7.0 Release Candidate 4
    cpe:2.3:a:drupal:drupal:7.0:rc4
  • Drupal 7.1
    cpe:2.3:a:drupal:drupal:7.1
  • Drupal 7.10
    cpe:2.3:a:drupal:drupal:7.10
  • Drupal 7.11
    cpe:2.3:a:drupal:drupal:7.11
  • Drupal 7.12
    cpe:2.3:a:drupal:drupal:7.12
  • Drupal 7.13
    cpe:2.3:a:drupal:drupal:7.13
  • Drupal 7.14
    cpe:2.3:a:drupal:drupal:7.14
  • Drupal 7.15
    cpe:2.3:a:drupal:drupal:7.15
  • Drupal 7.16
    cpe:2.3:a:drupal:drupal:7.16
  • Drupal 7.17
    cpe:2.3:a:drupal:drupal:7.17
  • Drupal 7.18
    cpe:2.3:a:drupal:drupal:7.18
  • Drupal 7.19
    cpe:2.3:a:drupal:drupal:7.19
  • Drupal 7.2
    cpe:2.3:a:drupal:drupal:7.2
  • Drupal 7.20
    cpe:2.3:a:drupal:drupal:7.20
  • Drupal 7.21
    cpe:2.3:a:drupal:drupal:7.21
  • Drupal 7.22
    cpe:2.3:a:drupal:drupal:7.22
  • Drupal 7.23
    cpe:2.3:a:drupal:drupal:7.23
  • Drupal 7.24
    cpe:2.3:a:drupal:drupal:7.24
  • Drupal 7.25
    cpe:2.3:a:drupal:drupal:7.25
  • Drupal 7.26
    cpe:2.3:a:drupal:drupal:7.26
  • Drupal 7.27
    cpe:2.3:a:drupal:drupal:7.27
  • Drupal 7.28
    cpe:2.3:a:drupal:drupal:7.28
  • Drupal 7.29
    cpe:2.3:a:drupal:drupal:7.29
  • Drupal 7.3
    cpe:2.3:a:drupal:drupal:7.3
  • Drupal 7.30
    cpe:2.3:a:drupal:drupal:7.30
  • Drupal 7.33
    cpe:2.3:a:drupal:drupal:7.33
  • Drupal 7.34
    cpe:2.3:a:drupal:drupal:7.34
  • Drupal 7.35
    cpe:2.3:a:drupal:drupal:7.35
  • Drupal 7.36
    cpe:2.3:a:drupal:drupal:7.36
  • Drupal 7.37
    cpe:2.3:a:drupal:drupal:7.37
  • Drupal 7.4
    cpe:2.3:a:drupal:drupal:7.4
  • Drupal 7.5
    cpe:2.3:a:drupal:drupal:7.5
  • Drupal 7.6
    cpe:2.3:a:drupal:drupal:7.6
  • Drupal 7.7
    cpe:2.3:a:drupal:drupal:7.7
  • Drupal 7.8
    cpe:2.3:a:drupal:drupal:7.8
  • Drupal 7.9
    cpe:2.3:a:drupal:drupal:7.9
CVSS
Base: 5.8 (as of 21-08-2015 - 11:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D605EDB1161611E5A000D050996490D0.NASL
    description Drupal development team reports:
      Impersonation (OpenID module - Drupal 6 and 7 - Critical)
        A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts. This vulnerability is mitigated by the fact that the victim must have an account with an associated OpenID identity from a particular set of OpenID providers (including, but not limited to, Verisign, LiveJournal, or StackExchange).
      Open redirect (Field UI module - Drupal 7 - Less critical)
        The Field UI module uses a 'destinations' query string parameter in URLs to redirect users to new destinations after completing an action on a few administration pages. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. This vulnerability is mitigated by the fact that only sites with the Field UI module enabled are affected. Drupal 6 core is not affected, but see the similar advisory for the Drupal 6 contributed CCK module: SA-CONTRIB-2015-126
      Open redirect (Overlay module - Drupal 7 - Less critical)
        The Overlay module displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the 'Access the administrative overlay' permission, and that the Overlay module must be enabled.
      Information disclosure (Render cache system - Drupal 7 - Less critical)
        On sites utilizing Drupal 7's render cache system to cache content on the site by user role, private content viewed by user 1 may be included in the cache and exposed to non-privileged users. This vulnerability is mitigated by the fact that render caching is not used in Drupal 7 core itself (it requires custom code or the contributed Render Cache module to enable) and that it only affects sites that have user 1 browsing the live site. Exposure is also limited if an administrative role has been assigned to the user 1 account (which is done, for example, by the Standard install profile that ships with Drupal core).
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 84282
    published 2015-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84282
    title FreeBSD : drupal -- multiple vulnerabilities (d605edb1-1616-11e5-a000-d050996490d0)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3291.NASL
    description Several vulnerabilities were found in drupal7, a content management platform used to power websites.
      - CVE-2015-3231 Incorrect cache handling made private content viewed by 'user 1' exposed to other, non-privileged users.
      - CVE-2015-3232 A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites.
      - CVE-2015-3233 Due to insufficient URL validation, the Overlay module could be used to redirect users to malicious sites.
      - CVE-2015-3234 The OpenID module allowed an attacker to log in as other users, including administrators.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84298
    published 2015-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84298
    title Debian DSA-3291-1 : drupal7 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-10290.NASL
    description
      - Release 7.38 is a security fix release
      - Upstream release notes: https://www.drupal.org/drupal-7.38-release-notes
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 84514
    published 2015-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84514
    title Fedora 22 : drupal7-7.38-1.fc22 (2015-10290)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-10189.NASL
    description
      - Release 7.38 is a security fix release
      - Upstream release notes: https://www.drupal.org/drupal-7.38-release-notes
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 84513
    published 2015-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84513
    title Fedora 21 : drupal7-7.38-1.fc21 (2015-10189)
  • NASL family CGI abuses
    NASL id DRUPAL_7_38.NASL
    description The remote web server is running a version of Drupal that is 7.x prior to 7.38. It is, therefore, potentially affected by the following vulnerabilities:
      - An open redirect vulnerability exists due to improper validation of user-supplied input to the 'destinations' parameter in the Field UI module. A remote attacker can exploit this issue, via a specially crafted URL, to redirect users to a third-party website. (CVE-2015-3231)
      - An open redirect vulnerability exists due to improper validation of URLs prior to displaying their contents via the Overlay module on administrative pages. (CVE-2015-3232)
      - An information disclosure vulnerability exists due to a flaw in the render cache system. An attacker can exploit this flaw to view private content of arbitrary users. (CVE-2015-3233)
      - A security bypass vulnerability exists due to a flaw in the OpenID module. A remote attacker can exploit this flaw to log in as other users, including administrators. Note that victims must have an existing OpenID account from a particular set of OpenID providers including, but not limited to, Verisign, LiveJournal, or StackExchange. (CVE-2015-3234)
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 84292
    published 2015-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84292
    title Drupal 7.x < 7.38 Multiple Vulnerabilities
refmap via4
bid
  • 75279
  • 75280
  • 75284
confirm
debian DSA-3291
fedora
  • FEDORA-2015-10189
  • FEDORA-2015-10290
misc
mlist [oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)
Last major update 02-12-2016 - 22:09
Published 22-06-2015 - 15:59