SB2013120702 - Open redirect in Drupal Drupal




Published: December 7, 2013 Updated: September 15, 2016

Security Bulletin ID SB2013120702
Severity High
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Open redirect (CVE-ID: CVE-2013-6389)

The weakness allows a remote attacker to obtain a valid user's credentials.
The vulnerability exists due to insufficient validation of URLs before their content is shown. The Overlay module shows administrative pages over the current page instead of replacing it in the browser window, and this exposes an open redirect weakness.
Successful exploitation of the vulnerability may result in gaining access to the target user's data.
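
The kind of check whose absence the description above refers to, as an added example: it is not Drupal's code and not the vendor's patch. The function name `safeLocalTarget`, the origin `https://cms.example` and all sample inputs are assumptions constructed for illustration.

```javascript
// Added example: validate a URL before its content is shown or followed.
// SITE_ORIGIN and the sample inputs below are constructed values.
const SITE_ORIGIN = 'https://cms.example';

// Returns a same-origin path (path + query + fragment) that is safe to load,
// or null when the target must be rejected.
function safeLocalTarget(raw, siteOrigin = SITE_ORIGIN) {
  if (typeof raw !== 'string' || raw.length === 0) return null;

  // Browsers drop tabs/newlines and treat "\" like "/" in http(s) URLs, so
  // "/\host" behaves like "//host". Reject such input instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return null;

  let url;
  try {
    // Resolve exactly as the browser would, relative to the site root.
    url = new URL(raw, siteOrigin + '/');
  } catch (e) {
    return null;
  }

  // Only http(s) targets; this excludes javascript:, data: and similar.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // Scheme, host and port must all match the site.
  if (url.origin !== new URL(siteOrigin).origin) return null;
  // Embedded credentials are never needed for an internal link.
  if (url.username || url.password) return null;

  // Hand back a path only, so the caller cannot be steered off-origin.
  return url.pathname + url.search + url.hash;
}

// Constructed inputs showing which targets are accepted.
const samples = [
  'admin/content',
  '/admin/people?page=2',
  '//evil.example/login',
  'https://cms.example@evil.example/',
  'javascript:alert(1)',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeLocalTarget(s));
}
```

Comparing the parsed origin, rather than matching a prefix of the raw string, is what rejects protocol-relative and userinfo forms that still begin with the site's name.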

Remediation

Install update from vendor's website.