SB2013102901 - Open redirect in Drupal Drupal




Published: October 29, 2013 Updated: September 15, 2016

Security Bulletin ID SB2013102901
Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Open redirect (CVE-ID: CVE-2012-0825)

The vulnerability allows a remote user to gain access to a valid user's data and modify it.
The weakness exists due to flaws in the Attribute Exchange (AX) implementation. The use of signed attributes obtained through AX allows a malicious user to modify the user's information.
Successful exploitation of the vulnerability may give the attacker permission to modify the target user's data.

Remediation

Install the update from the vendor's website.