CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.2 | $0-$5k | 0.00 |
A vulnerability was found in Views Module up to 7.x on Drupal and classified as problematic. Affected by this issue is some unknown processing of the component Views UI Submodule. Using CWE to declare the problem leads to CWE-601. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. Impacted is confidentiality, and integrity. CVE summarizes:
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.
The weakness was shared 04/21/2015 (Website). The advisory is available at drupal.org. This vulnerability is handled as CVE-2015-3378 since 04/21/2015. The attack may be launched remotely. Required for exploitation is a simple authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1204.001 by the MITRE ATT&CK project.
Upgrading eliminates this vulnerability.
The entry 75075 is related to this item.
Product
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.4
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: RedirectCWE: CWE-601
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
02/11/2015 🔍02/11/2015 🔍
04/21/2015 🔍
04/21/2015 🔍
04/21/2015 🔍
04/22/2015 🔍
10/20/2015 🔍
05/09/2022 🔍
Sources
Advisory: drupal.orgStatus: Not defined
Confirmation: 🔍
CVE: CVE-2015-3378 (🔍)
Vulnerability Center: 53558 - Drupal Views Remote Open Redirect Vulnerability related to the Break Lock Page, Medium
SecurityFocus: 72590 - Drupal Views Module Access Bypass and Open Redirection Vulnerabilities
See also: 🔍
Entry
Created: 04/22/2015 10:19Updated: 05/09/2022 14:50
Changes: 04/22/2015 10:19 (47), 02/13/2018 07:52 (10), 05/09/2022 14:50 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.