CVE-2012-4489

Current Description

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.

Basic Data

Published: October 31, 2012
Last Modified: March 02, 2013
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
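      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Mark Burdett | Securelogin | 7.x-1.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mark Burdett | Securelogin | 7.x-1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mark Burdett | Securelogin | 7.x-1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mark Burdett | Securelogin | 7.x-1.x | dev | * | * | * | * | * | * | | | | |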
    • OR Running on/with:
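      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Drupal | Drupal | - | * | * | * | * | * | * | * | | | | |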

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mark Burdett | Securelogin | 7.x-1.0, 7.x-1.1, 7.x-1.2, 7.x-1.x |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://drupal.org/node/1700594 | MISC | http://drupal.org/node/1700594 | PATCH Vendor Advisory |
| http://drupalcode.org/project/securelogin.git/commitdiff/88518df | CONFIRM | http://drupalcode.org/project/securelogin.git/commitdiff/88518df | Exploit PATCH |
| [oss-security] 20121004 CVE Request for Drupal Contributed Modules | MLIST | http://www.openwall.com/lists/oss-security/2012/10/04/6 | |
| [oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules | MLIST | http://www.openwall.com/lists/oss-security/2012/10/07/1 | |
| 54675 | BID | http://www.securityfocus.com/bid/54675 | |
| https://drupal.org/node/1692976 | CONFIRM | https://drupal.org/node/1692976 | PATCH Vendor Advisory |
| https://drupal.org/node/1698988 | CONFIRM | https://drupal.org/node/1698988 | PATCH |