Description

Drupal Core is prone to multiple vulnerabilities, including open redirect, information disclosure and security bypass vulnerabilities. Exploiting these issues could allow an attacker to redirect users to arbitrary web sites and conduct phishing attacks, to obtain sensitive information that may help in launching further attacks or to perform otherwise restricted actions and subsequently log in as other users on the site, including administrators, and hijack their accounts. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.37 are vulnerable.

Remediation

Update to Drupal Core version 7.38 or latest

References

https://www.drupal.org/SA-CORE-2015-002

Related Vulnerabilities

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (3.1.9)

Dolibarr Incorrect Default Permissions Vulnerability (CVE-2022-40871)

IBM WebSEAL Weak Password Requirements Vulnerability (CVE-2024-35137)

Oracle Database Server CVE-2008-1816 Vulnerability (CVE-2008-1816)

IBM WebSEAL Other Vulnerability (CVE-2023-30998)

Severity

High

Classification

CVE-2015-3231 CVE-2015-3232 CVE-2015-3233 CVE-2015-3234 CWE-200 CWE-287 CWE-601 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update