Drupal Core PHP5 drupal_goto Destination Open Redirect Vulnerability (CVE-2016-3167)

2016年5月31日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 緊急

概要

Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1006346