CVE-2015-4398
 
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
Vulnerabilidad de redirección abierta en el módulo Chaos tool suite (ctools) anterior a 6.x-1.12 y 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados que involucra las páginas de la eliminación de de confirmaciones en proceso.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-06-05 CVE Reserved
- 2015-06-16 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/03/22/35 | Mailing List | |
http://www.openwall.com/lists/oss-security/2015/04/25/6 | Mailing List | |
http://www.securityfocus.com/bid/73224 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.drupal.org/node/2454883 | 2015-06-25 | |
https://www.drupal.org/node/2454885 | 2015-06-25 | |
https://www.drupal.org/node/2454909 | 2015-06-25 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | <= 6.x-1.11 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version " <= 6.x-1.11" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.0" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.1 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.1" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.2 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.2" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.3 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.3" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.4 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.4" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.5 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.5" | drupal |
Affected
| ||||||
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project" | Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools" | 7.x-1.6 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "7.x-1.6" | drupal |
Affected
|