CVE-2015-4398

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.

Published: Jun 16, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4398
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
chaos_tool_suite_project / ctools	7.x-1.0	7.x-1.0.x
chaos_tool_suite_project / ctools	7.x-1.1	7.x-1.1.x
chaos_tool_suite_project / ctools	7.x-1.6	7.x-1.6.x
chaos_tool_suite_project / ctools	7.x-1.3	7.x-1.3.x
chaos_tool_suite_project / ctools	7.x-1.4	7.x-1.4.x
chaos_tool_suite_project / ctools	7.x-1.2	7.x-1.2.x
chaos_tool_suite_project / ctools	-	6.x-1.11.x
chaos_tool_suite_project / ctools	7.x-1.5	7.x-1.5.x

http://www.openwall.com/lists/oss-security/2015/03/22/35
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/73224
https://www.drupal.org/node/2454883
https://www.drupal.org/node/2454885
https://www.drupal.org/node/2454909

Vulnerability Database

290,206

CVE-2015-4398