SB2013102901 - Open redirect in Drupal Drupal
Published: October 29, 2013 Updated: September 15, 2016
Security Bulletin ID: SB2013102901
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation
Description
This security bulletin contains information about 1 vulnerability.
1) Open redirect (CVE-ID: CVE-2012-0825)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to gain access to a valid user's data and modify it.
The weakness exists due to flaws in the Attribute Exchange (AX) implementation. The use of signed attributes obtained through AX allows a malicious user to modify a user's information.
Successful exploitation of the vulnerability may allow an attacker to modify the target user's data.
Remediation
Install the update from the vendor's website.