Open redirect

2017-09-1316:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
drupaleq7.0 alpha5
drupaleq7.0 dev
drupaleq7.0 alpha7
drupaleq6.0 beta2
drupaleq6.33
drupaleq7.16
drupaleq6.0 rc2
drupaleq7.21

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
drupal	eq	7.0 alpha5
drupal	eq	7.0 dev
drupal	eq	7.0 alpha7
drupal	eq	6.0 beta2
drupal	eq	6.33
drupal	eq	7.16
drupal	eq	6.0 rc2
drupal	eq	7.21