// For flags

CVE-2015-4398

 

Severity Score

5.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.

Vulnerabilidad de redirección abierta en el módulo Chaos tool suite (ctools) anterior a 6.x-1.12 y 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados que involucra las páginas de la eliminación de de confirmaciones en proceso.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-06-05 CVE Reserved
  • 2015-06-16 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
<= 6.x-1.11
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version " <= 6.x-1.11"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.0
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.0"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.1
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.1"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.2
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.2"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.3
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.3"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.4
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.4"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.5
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.5"
drupal
Affected
Chaos Tool Suite Project
Search vendor "Chaos Tool Suite Project"
Ctools
Search vendor "Chaos Tool Suite Project" for product "Ctools"
7.x-1.6
Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.6"
drupal
Affected