Описание
Drupal Open Redirect
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-3164
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3164.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3164.yaml
- https://www.drupal.org/SA-CORE-2016-001
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
Пакеты
drupal/drupal
>= 6.0, < 6.38
6.38
drupal/drupal
>= 7.0, < 7.43
7.43
drupal/drupal
>= 8.0, < 8.0.4
8.0.4
drupal/core
>= 8.0, < 8.0.4
8.0.4
drupal/core
>= 7.0, < 7.43
7.43
drupal/core
>= 6.0, < 6.38
6.38
Связанные уязвимости
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might al ...