CVE-2015-2749
Low
CVSS Score
Vulnerability Description
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Known Affected Software
72 configuration(s) from 2 vendor(s)
- debian_linux, version 8.0, CPE: cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- debian_linux, version 9.0, CPE: cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- drupal, version 6.14, CPE: cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
- drupal, version 7.26, CPE: cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
- drupal, version 6.17, CPE: cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
- drupal, version 6.15, CPE: cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
- drupal, version 6.31, CPE: cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*
- drupal, version 7.9, CPE: cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
- drupal, version 6.20, CPE: cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
- drupal, version 6.7, CPE: cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
- drupal, version 7.5, CPE: cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
- drupal, version 7.3, CPE: cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
- drupal, version 7.32, CPE: cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*
- drupal, version 7.24, CPE: cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
- drupal, version 7.4, CPE: cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
- drupal, version 6.30, CPE: cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*
- drupal, version 6.11, CPE: cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
- drupal, version 7.11, CPE: cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
- drupal, version 7.0, CPE: cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
- drupal, version 7.21, CPE: cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
- drupal, version 7.27, CPE: cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
- drupal, version 6.29, CPE: cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*
- drupal, version 6.0, CPE: cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
- drupal, version 6.26, CPE: cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*
- drupal, version 6.9, CPE: cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
- drupal, version 6.8, CPE: cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
- drupal, version 6.18, CPE: cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
- drupal, version 6.34, CPE: cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*
- drupal, version 6.24, CPE: cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*
- drupal, version 6.21, CPE: cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*
- drupal, version 7.23, CPE: cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
- drupal, version 6.28, CPE: cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*
- drupal, version 7.8, CPE: cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
- drupal, version 6.1, CPE: cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
- drupal, version 7.7, CPE: cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
- drupal, version 6.22, CPE: cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*
- drupal, version 7.10, CPE: cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
- drupal, version 6.33, CPE: cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*
- drupal, version 7.33, CPE: cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
- drupal, version 7.2, CPE: cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
- drupal, version 6.5, CPE: cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
- drupal, version 7.29, CPE: cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
- drupal, version 6.32, CPE: cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*
- drupal, version 7.15, CPE: cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
- drupal, version 6.4, CPE: cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
- drupal, version 6.2, CPE: cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
- drupal, version 7.22, CPE: cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
- drupal, version 7.25, CPE: cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
- drupal, version 6.27, CPE: cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*
- drupal, version 6.13, CPE: cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
- drupal, version 7.34, CPE: cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
- drupal, version 7.28, CPE: cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
- drupal, version 7.16, CPE: cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
- drupal, version 7.1, CPE: cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
- drupal, version 7.30, CPE: cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
- drupal, version 7.13, CPE: cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
- drupal, version 7.14, CPE: cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
- drupal, version 7.31, CPE: cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*
- drupal, version 7.17, CPE: cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
- drupal, version 7.19, CPE: cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
- drupal, version 6.19, CPE: cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*
- drupal, version 7.12, CPE: cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
- drupal, version 6.23, CPE: cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*
- drupal, version 7.20, CPE: cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
- drupal, version 7.18, CPE: cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
- drupal, version 6.12, CPE: cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
- drupal, version 6.3, CPE: cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
- drupal, version 6.10, CPE: cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
- drupal, version 6.16, CPE: cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
- drupal, version 6.25, CPE: cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*
- drupal, version 6.6, CPE: cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
- drupal, version 7.6, CPE: cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
This vulnerability affects 72 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://cgit.drupalcode.org/drupal/commit/?id=d2304f840c43c190c6e136ee9901ed9797b4c3ca (source: cve@mitre.org; Patch, Vendor Advisory)
- http://www.debian.org/security/2015/dsa-3200 (source: cve@mitre.org; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/03/26/4 (source: cve@mitre.org; Mailing List, Patch, VDB Entry)
- http://www.securityfocus.com/bid/73219 (source: cve@mitre.org; Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=1204753 (source: cve@mitre.org; Issue Tracking)
- https://www.drupal.org/SA-CORE-2015-001 (source: cve@mitre.org; Patch, Vendor Advisory)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
- Description: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
- Exploit Likelihood: Low
- Typical Severity: High
- Abstraction Level: Base
Key Information
- Published Date: September 13, 2017
