CVE-2015-4398

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
chaos_tool_suite_projectctools
𝑥
≤ 6.x-1.11
chaos_tool_suite_projectctools
7.x-1.0:x
chaos_tool_suite_projectctools
7.x-1.1:x
chaos_tool_suite_projectctools
7.x-1.2:x
chaos_tool_suite_projectctools
7.x-1.3:x
chaos_tool_suite_projectctools
7.x-1.4:x
chaos_tool_suite_projectctools
7.x-1.5:x
chaos_tool_suite_projectctools
7.x-1.6:x
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2015/03/22/35
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/73224
https://www.drupal.org/node/2454883
https://www.drupal.org/node/2454885
https://www.drupal.org/node/2454909
http://www.openwall.com/lists/oss-security/2015/03/22/35
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/73224
https://www.drupal.org/node/2454883
https://www.drupal.org/node/2454885
https://www.drupal.org/node/2454909