Vulnerabilities > CVE-2015-7943 - Open Redirect vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fake the Source of Data An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-548.NASL description It was discovered that there was an open redirect vulnerability in drupal7, a content management framework. The last seen 2020-03-17 modified 2016-07-12 plugin id 92003 published 2016-07-12 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/92003 title Debian DLA-548-1 : drupal7 security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-548-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(92003); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-7943"); script_name(english:"Debian DLA-548-1 : drupal7 security update"); script_summary(english:"Checks dpkg output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that there was an open redirect vulnerability in drupal7, a content management framework. The 'Overlay' module in Drupal core displays administrative pages as a layer over the current page (using JavaScript) rather than replacing the page in the browser window. The module did not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. For Debian 7 'Wheezy', this issue has been fixed in drupal7 version 7.14-2+deb7u13. We recommend that you upgrade your drupal7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/07/msg00009.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/drupal7" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected drupal7 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:drupal7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"drupal7", reference:"7.14-2+deb7u13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2015-CCF2B449A9.NASL description drupal7-7.41-1.fc21 - 7.41. drupal7-7.41-1.fc22 - 7.41. drupal7-7.41-1.el5 - 7.41. drupal7-7.41-1.el6 - 7.41. drupal7-7.41-1.el7 - 7.41. drupal7-7.41-1.fc23 - 7.41. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89411 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89411 title Fedora 23 : drupal7-7.41-1.fc23 (2015-ccf2b449a9) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-ccf2b449a9. # include("compat.inc"); if (description) { script_id(89411); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-7943"); script_xref(name:"FEDORA", value:"2015-ccf2b449a9"); script_name(english:"Fedora 23 : drupal7-7.41-1.fc23 (2015-ccf2b449a9)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "drupal7-7.41-1.fc21 - 7.41. drupal7-7.41-1.fc22 - 7.41. drupal7-7.41-1.el5 - 7.41. drupal7-7.41-1.el6 - 7.41. drupal7-7.41-1.el7 - 7.41. drupal7-7.41-1.fc23 - 7.41. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1274107" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1276291" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1276292" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170686.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddb4b628" ); script_set_attribute( attribute:"solution", value:"Update the affected drupal7 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:drupal7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"drupal7-7.41-1.fc23")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "drupal7"); }NASL family CGI abuses NASL id DRUPAL_7_41.NASL description The remote web server is running a version of Drupal that is 7.x prior to 7.41. It is, therefore, affected by an open redirect vulnerability in the Overlay module due to improper validation of URLs before displaying their contents. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect a victim from an intended legitimate website to an arbitrary website. This vulnerability can only be exploited against Drupal users who have both the last seen 2020-06-01 modified 2020-06-02 plugin id 86673 published 2015-10-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86673 title Drupal 7.x < 7.41 Overlay Module Open Redirect code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(86673); script_version("1.12"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-7943"); script_bugtraq_id(77293); script_name(english:"Drupal 7.x < 7.41 Overlay Module Open Redirect"); script_summary(english:"Checks the version of Drupal."); script_set_attribute(attribute:"synopsis", value: "The remote web server is running a PHP application that is affected by an open redirect vulnerability."); script_set_attribute(attribute:"description", value: "The remote web server is running a version of Drupal that is 7.x prior to 7.41. It is, therefore, affected by an open redirect vulnerability in the Overlay module due to improper validation of URLs before displaying their contents. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect a victim from an intended legitimate website to an arbitrary website. This vulnerability can only be exploited against Drupal users who have both the 'Access the administrative overlay' permission and the Overlay module enabled. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.drupal.org/SA-CORE-2015-004"); script_set_attribute(attribute:"see_also", value:"https://www.drupal.org/project/drupal/releases/7.41"); script_set_attribute(attribute:"solution", value: "Upgrade to Drupal version 7.41 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7943"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/17"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/30"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:drupal:drupal"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("drupal_detect.nasl"); script_require_keys("www/PHP", "installed_sw/Drupal", "Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); app = "Drupal"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:80, php:TRUE); install = get_single_install( app_name : app, port : port, exit_if_unknown_ver : TRUE ); dir = install['path']; version = install['version']; url = build_url(qs:dir, port:port); if (report_paranoia < 2) audit(AUDIT_PARANOID); if (version =~ "^7\.([0-9]|[1-3][0-9]|40)($|[^0-9]+)") { if (report_verbosity > 0) { report = '\n URL : ' + url + '\n Installed version : ' + version + '\n Fixed version : 7.41' + '\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, url, version);NASL family Fedora Local Security Checks NASL id FEDORA_2015-CB94FD13D8.NASL description drupal7-7.41-1.fc21 - 7.41. drupal7-7.41-1.fc22 - 7.41. drupal7-7.41-1.el5 - 7.41. drupal7-7.41-1.el6 - 7.41. drupal7-7.41-1.el7 - 7.41. drupal7-7.41-1.fc23 - 7.41. ---- drupal7-7.40-1.fc21 - 7.40. drupal7-7.40-1.fc22 - 7.40. drupal7-7.40-1.el5 - 7.40. drupal7-7.40-1.el6 - 7.40. drupal7-7.40-1.el7 - 7.40. drupal7-7.40-1.fc23 - 7.40. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89409 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89409 title Fedora 22 : drupal7-7.41-1.fc22 (2015-cb94fd13d8) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3897.NASL description Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. More information can be found at https://www.drupal.org/SA-CORE-2015-004 - CVE-2017-6922 Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files uploaded by anonymous users into a private file system can be accessed by other anonymous users leading to an access bypass vulnerability. More information can be found at https://www.drupal.org/SA-CORE-2017-003 last seen 2020-06-01 modified 2020-06-02 plugin id 101034 published 2017-06-26 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101034 title Debian DSA-3897-1 : drupal7 - security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_75F394137A0011E5A2A1002590263BF5.NASL description Drupal development team reports : The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the last seen 2020-06-01 modified 2020-06-02 plugin id 86587 published 2015-10-26 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86587 title FreeBSD : drupal -- open redirect vulnerability (75f39413-7a00-11e5-a2a1-002590263bf5)