Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Drupal | Drupal | 6.0 (including) | 6.0 (including) |
Drupal | Drupal | 6.0-beta1 (including) | 6.0-beta1 (including) |
Drupal | Drupal | 6.0-beta2 (including) | 6.0-beta2 (including) |
Drupal | Drupal | 6.0-beta3 (including) | 6.0-beta3 (including) |
Drupal | Drupal | 6.0-beta4 (including) | 6.0-beta4 (including) |
Drupal | Drupal | 6.0-dev (including) | 6.0-dev (including) |
Drupal | Drupal | 6.0-rc1 (including) | 6.0-rc1 (including) |
Drupal | Drupal | 6.0-rc2 (including) | 6.0-rc2 (including) |
Drupal | Drupal | 6.0-rc3 (including) | 6.0-rc3 (including) |
Drupal | Drupal | 6.0-rc4 (including) | 6.0-rc4 (including) |
Drupal | Drupal | 6.1 (including) | 6.1 (including) |
Drupal | Drupal | 6.2 (including) | 6.2 (including) |
Drupal | Drupal | 6.3 (including) | 6.3 (including) |
Drupal | Drupal | 6.4 (including) | 6.4 (including) |
Drupal | Drupal | 6.5 (including) | 6.5 (including) |
Drupal | Drupal | 6.6 (including) | 6.6 (including) |
Drupal | Drupal | 6.7 (including) | 6.7 (including) |
Drupal | Drupal | 6.8 (including) | 6.8 (including) |
Drupal | Drupal | 6.9 (including) | 6.9 (including) |
Drupal | Drupal | 6.10 (including) | 6.10 (including) |
Drupal | Drupal | 6.11 (including) | 6.11 (including) |
Drupal | Drupal | 6.12 (including) | 6.12 (including) |
Drupal | Drupal | 6.13 (including) | 6.13 (including) |
Drupal | Drupal | 6.14 (including) | 6.14 (including) |
Drupal | Drupal | 6.15 (including) | 6.15 (including) |
Drupal | Drupal | 6.16 (including) | 6.16 (including) |
Drupal | Drupal | 6.17 (including) | 6.17 (including) |
Drupal | Drupal | 6.18 (including) | 6.18 (including) |
Drupal | Drupal | 6.19 (including) | 6.19 (including) |
Drupal | Drupal | 6.20 (including) | 6.20 (including) |
Drupal | Drupal | 6.21 (including) | 6.21 (including) |
Drupal | Drupal | 6.22 (including) | 6.22 (including) |
Drupal | Drupal | 6.23 (including) | 6.23 (including) |
Drupal | Drupal | 6.24 (including) | 6.24 (including) |
Drupal | Drupal | 6.25 (including) | 6.25 (including) |
Drupal | Drupal | 6.26 (including) | 6.26 (including) |
Drupal | Drupal | 6.27 (including) | 6.27 (including) |
Drupal | Drupal | 6.28 (including) | 6.28 (including) |
Drupal | Drupal | 6.29 (including) | 6.29 (including) |
Drupal | Drupal | 6.30 (including) | 6.30 (including) |
Drupal | Drupal | 6.31 (including) | 6.31 (including) |
Drupal | Drupal | 6.32 (including) | 6.32 (including) |
Drupal | Drupal | 6.33 (including) | 6.33 (including) |
Drupal | Drupal | 6.34 (including) | 6.34 (including) |
Drupal | Drupal | 7.0 (including) | 7.0 (including) |
Drupal | Drupal | 7.0-alpha1 (including) | 7.0-alpha1 (including) |
Drupal | Drupal | 7.0-alpha2 (including) | 7.0-alpha2 (including) |
Drupal | Drupal | 7.0-alpha3 (including) | 7.0-alpha3 (including) |
Drupal | Drupal | 7.0-alpha4 (including) | 7.0-alpha4 (including) |
Drupal | Drupal | 7.0-alpha5 (including) | 7.0-alpha5 (including) |
Drupal | Drupal | 7.0-alpha6 (including) | 7.0-alpha6 (including) |
Drupal | Drupal | 7.0-alpha7 (including) | 7.0-alpha7 (including) |
Drupal | Drupal | 7.0-beta1 (including) | 7.0-beta1 (including) |
Drupal | Drupal | 7.0-beta2 (including) | 7.0-beta2 (including) |
Drupal | Drupal | 7.0-beta3 (including) | 7.0-beta3 (including) |
Drupal | Drupal | 7.0-dev (including) | 7.0-dev (including) |
Drupal | Drupal | 7.0-rc1 (including) | 7.0-rc1 (including) |
Drupal | Drupal | 7.0-rc2 (including) | 7.0-rc2 (including) |
Drupal | Drupal | 7.0-rc3 (including) | 7.0-rc3 (including) |
Drupal | Drupal | 7.0-rc4 (including) | 7.0-rc4 (including) |
Drupal | Drupal | 7.1 (including) | 7.1 (including) |
Drupal | Drupal | 7.2 (including) | 7.2 (including) |
Drupal | Drupal | 7.3 (including) | 7.3 (including) |
Drupal | Drupal | 7.4 (including) | 7.4 (including) |
Drupal | Drupal | 7.5 (including) | 7.5 (including) |
Drupal | Drupal | 7.6 (including) | 7.6 (including) |
Drupal | Drupal | 7.7 (including) | 7.7 (including) |
Drupal | Drupal | 7.8 (including) | 7.8 (including) |
Drupal | Drupal | 7.9 (including) | 7.9 (including) |
Drupal | Drupal | 7.10 (including) | 7.10 (including) |
Drupal | Drupal | 7.11 (including) | 7.11 (including) |
Drupal | Drupal | 7.12 (including) | 7.12 (including) |
Drupal | Drupal | 7.13 (including) | 7.13 (including) |
Drupal | Drupal | 7.14 (including) | 7.14 (including) |
Drupal | Drupal | 7.15 (including) | 7.15 (including) |
Drupal | Drupal | 7.16 (including) | 7.16 (including) |
Drupal | Drupal | 7.17 (including) | 7.17 (including) |
Drupal | Drupal | 7.18 (including) | 7.18 (including) |
Drupal | Drupal | 7.19 (including) | 7.19 (including) |
Drupal | Drupal | 7.20 (including) | 7.20 (including) |
Drupal | Drupal | 7.21 (including) | 7.21 (including) |
Drupal | Drupal | 7.22 (including) | 7.22 (including) |
Drupal | Drupal | 7.23 (including) | 7.23 (including) |
Drupal | Drupal | 7.24 (including) | 7.24 (including) |
Drupal | Drupal | 7.25 (including) | 7.25 (including) |
Drupal | Drupal | 7.26 (including) | 7.26 (including) |
Drupal | Drupal | 7.27 (including) | 7.27 (including) |
Drupal | Drupal | 7.28 (including) | 7.28 (including) |
Drupal | Drupal | 7.29 (including) | 7.29 (including) |
Drupal | Drupal | 7.30 (including) | 7.30 (including) |
Drupal | Drupal | 7.31 (including) | 7.31 (including) |
Drupal | Drupal | 7.32 (including) | 7.32 (including) |
Drupal | Drupal | 7.33 (including) | 7.33 (including) |
Drupal | Drupal | 7.34 (including) | 7.34 (including) |
Drupal6 | Ubuntu | lucid | * |
Drupal6 | Ubuntu | precise | * |
Drupal6 | Ubuntu | upstream | * |
Drupal7 | Ubuntu | precise | * |
Drupal7 | Ubuntu | trusty | * |
Drupal7 | Ubuntu | trusty/esm | * |
Drupal7 | Ubuntu | upstream | * |
Drupal7 | Ubuntu | utopic | * |