CVE-2009-4534

MEDIUM 4.3 / 10.0
Published: December 31, 2009 at 07:30 PM
Modified: April 9, 2025 at 12:30 AM
Source: cve@mitre.org

Vulnerability Description

Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS Metrics

Base Score: 4.3
Severity: MEDIUM
Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Drupal FAQ Ask module versions 5.x and 6.x prior to 6.x-2.0 are vulnerable to an open redirect flaw, allowing attackers to redirect users to malicious websites. This can facilitate phishing attacks and credential theft, potentially leading to account compromise and data breaches. The vulnerability is easily exploited, making it a significant risk.

02 // Vulnerability Mechanism

Step 1: Craft Malicious URL: The attacker crafts a URL that exploits the open redirect vulnerability. This URL points to the vulnerable Drupal site and includes a parameter that controls the redirection destination (e.g., ?redirect=http://attacker.com; the parameter name is illustrative, since the advisory describes the vectors as unspecified).

Step 2: Social Engineering: The attacker uses social engineering techniques (e.g., phishing emails, malicious links on social media) to trick a user into clicking the crafted URL.

Step 3: Redirection: When the user clicks the malicious URL, the vulnerable Drupal module processes the request. Due to the lack of input validation, the module redirects the user to the attacker-specified URL (e.g., http://attacker.com).

Step 4: Phishing/Malicious Activity: The attacker's website (e.g., http://attacker.com) can be a phishing site designed to steal credentials, a site that delivers malware, or any other malicious content.

03 // Deep Technical Analysis

The root cause of CVE-2009-4534 is a failure to properly validate user-supplied input used for redirecting users. Specifically, the FAQ Ask module likely uses user-provided data, potentially from a URL parameter, to determine the destination URL after a form submission or other action. The module does not adequately sanitize or validate this input, allowing an attacker to inject a malicious URL. This allows the attacker to craft a URL that, when clicked by a victim, redirects them to a site controlled by the attacker. The lack of input validation is the core logic flaw.
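
A destination check of the kind this analysis says was missing, as an added example (not FAQ Ask or Drupal code). The function name `safe_redirect_target` and the hosts `site.example` and `evil.example` are hypothetical, and the sample inputs are constructed; the module's real parameter is not given in the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Drupal or FAQ Ask code: returns $candidate only
// if it keeps the user on $siteHost, otherwise returns $fallback.
function safe_redirect_target(string $candidate, string $siteHost, string $fallback = '/'): string
{
    // Browsers strip tabs/newlines and treat "\" like "/", so reject control
    // characters, spaces and backslashes instead of guessing the normalisation.
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }

    // Site-relative path: exactly one leading slash. "//host/..." is
    // protocol-relative and would leave the site.
    if ($candidate[0] === '/') {
        return (strlen($candidate) > 1 && $candidate[1] === '/') ? $fallback : $candidate;
    }

    // Anything else must be an absolute http(s) URL with an explicit host.
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $fallback;
    }
    // Userinfo ("user@host") is a common way to disguise the real host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    return strcasecmp($parts['host'], $siteHost) === 0 ? $candidate : $fallback;
}

// Constructed sample inputs: the first two stay on site, the rest must fall back.
$samples = [
    '/faq/12',
    'https://site.example/faq?page=2',
    'http://evil.example/login',
    '//evil.example/login',
    '/\\evil.example',
    'https://site.example@evil.example/',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, safe_redirect_target($s, 'site.example'));
}
```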
