
Drupal 7.x < 7.41 Overlay Module Open Redirect

Medium

Synopsis

The remote server is hosting an outdated installation of Drupal that is affected by an open redirect vulnerability.

Description

The remote web server is running a version of Drupal that is 7.x prior to 7.41. It is, therefore, affected by an open redirect vulnerability in the Overlay module due to improper validation of URLs before displaying their contents. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect a victim from an intended legitimate website to an arbitrary website. This vulnerability can only be exploited against Drupal users who have both the 'Access the administrative overlay' permission and the Overlay module enabled.

Solution

Upgrade to Drupal 7.41 or later.