FreeBSD : drupal -- open redirect vulnerability (75f39413-7a00-11e5-a2a1-002590263bf5)

Medium Nessus Plugin ID 86587


The remote FreeBSD host is missing a security-related update.


The Drupal development team reports:

The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability.

This vulnerability is mitigated by the fact that it can only be used against site users who have the 'Access the administrative overlay' permission, and that the Overlay module must be enabled.

An incomplete fix for this issue was released as part of SA-CORE-2015-002.


Update the affected package.

Plugin Details

Severity: Medium

ID: 86587

File Name: freebsd_pkg_75f394137a0011e5a2a1002590263bf5.nasl

Version: $Revision: 2.6 $

Type: local

Published: 2015/10/26

Modified: 2018/02/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


CVSS v2 Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N


CVSS v3.0 Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal7, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/10/24

Vulnerability Publication Date: 2015/10/21

Reference Information

CVE: CVE-2015-7943