Vulnerability Details CVE-2015-4398
Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v2 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2015/03/22/35
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/73224
- https://www.drupal.org/node/2454883
- https://www.drupal.org/node/2454885
- https://www.drupal.org/node/2454909
- http://www.openwall.com/lists/oss-security/2015/03/22/35
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/73224
- https://www.drupal.org/node/2454883
- https://www.drupal.org/node/2454885
- https://www.drupal.org/node/2454909
Products affected by CVE-2015-4398
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.10
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.11
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.2
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.3
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.4
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.5
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.6
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.7
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.8
-
cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.9
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5
-
cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6