Lucene search

[email protected]NVD:CVE-2015-7943

HistoryOct 18, 2017 - 6:29 p.m.

CVE-2015-7943

2017-10-1818:29:00

CWE-601

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.

Affected configurations

NVD

Node

drupaldrupalMatch7.0

drupaldrupalMatch7.0alpha1

drupaldrupalMatch7.0alpha2

drupaldrupalMatch7.0alpha3

drupaldrupalMatch7.0alpha4

drupaldrupalMatch7.0alpha5

drupaldrupalMatch7.0alpha6

drupaldrupalMatch7.0alpha7

drupaldrupalMatch7.0beta1

drupaldrupalMatch7.0beta2

drupaldrupalMatch7.0beta3

drupaldrupalMatch7.0dev

drupaldrupalMatch7.0rc1

drupaldrupalMatch7.0rc2

drupaldrupalMatch7.0rc3

drupaldrupalMatch7.0rc4

drupaldrupalMatch7.1

drupaldrupalMatch7.2

drupaldrupalMatch7.3

drupaldrupalMatch7.4

drupaldrupalMatch7.5

drupaldrupalMatch7.6

drupaldrupalMatch7.7

drupaldrupalMatch7.8

drupaldrupalMatch7.9

drupaldrupalMatch7.10

drupaldrupalMatch7.11

drupaldrupalMatch7.12

drupaldrupalMatch7.13

drupaldrupalMatch7.14

drupaldrupalMatch7.15

drupaldrupalMatch7.16

drupaldrupalMatch7.17

drupaldrupalMatch7.18

drupaldrupalMatch7.19

drupaldrupalMatch7.20

drupaldrupalMatch7.21

drupaldrupalMatch7.22

drupaldrupalMatch7.23

drupaldrupalMatch7.24

drupaldrupalMatch7.25

drupaldrupalMatch7.26

drupaldrupalMatch7.27

drupaldrupalMatch7.28

drupaldrupalMatch7.29

drupaldrupalMatch7.30

drupaldrupalMatch7.31

drupaldrupalMatch7.32

drupaldrupalMatch7.33

drupaldrupalMatch7.34

drupaldrupalMatch7.35

drupaldrupalMatch7.36

drupaldrupalMatch7.37

drupaldrupalMatch7.38

drupaldrupalMatch7.39

drupaldrupalMatch7.40

jquery_update_projectjquery_updateMatch7.x-2.0drupal

jquery_update_projectjquery_updateMatch7.x-2.1drupal

jquery_update_projectjquery_updateMatch7.x-2.2drupal

jquery_update_projectjquery_updateMatch7.x-2.3drupal

jquery_update_projectjquery_updateMatch7.x-2.4drupal

jquery_update_projectjquery_updateMatch7.x-2.5drupal

jquery_update_projectjquery_updateMatch7.x-2.6drupal

labjs_projectlabjsMatch7.x-1.0drupal

labjs_projectlabjsMatch7.x-1.0beta1drupal

labjs_projectlabjsMatch7.x-1.0rc1drupal

labjs_projectlabjsMatch7.x-1.1drupal

labjs_projectlabjsMatch7.x-1.2drupal

labjs_projectlabjsMatch7.x-1.3drupal

labjs_projectlabjsMatch7.x-1.4drupal

labjs_projectlabjsMatch7.x-1.5drupal

labjs_projectlabjsMatch7.x-1.6drupal

labjs_projectlabjsMatch7.x-1.7drupal

References

www.debian.org/security/2017/dsa-3897

www.securityfocus.com/bid/77293

www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical

www.drupal.org/node/2598426

www.drupal.org/node/2598434

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for NVD:CVE-2015-7943

cve2 debiancve2 prion2 ubuntucve2 cvelist2 mageia2 nessus12 drupal7 nvd1 freebsd2 openvas9 archlinux1 fedora4 debian5 osv1 securityvulns2