FreeBSD : drupal -- open redirect vulnerability (75f39413-7a00-11e5-a2a1-002590263bf5)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Drupal development team reports :

The Overlay module in Drupal core displays administrative pages as a
layer over the current page (using JavaScript), rather than replacing
the page in the browser window. The Overlay module does not
sufficiently validate URLs prior to displaying their contents, leading
to an open redirect vulnerability.

This vulnerability is mitigated by the fact that it can only be used
against site users who have the 'Access the administrative overlay'
permission, and that the Overlay module must be enabled.

An incomplete fix for this issue was released as part of
SA-CORE-2015-002.

See also :

https://www.drupal.org/SA-CORE-2015-004
http://www.openwall.com/lists/oss-security/2015/10/23/6
http://www.nessus.org/u?acc6303c

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86587

Bugtraq ID:

CVE ID: CVE-2015-7943
