CVE-2016-3163

CWE-254 | 6 documents | 5 sources
Severity
7.5 HIGH
EPSS
0.9%
top 25.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 12
Latest update: May 17

Description

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Packagist | drupal/core | 7.0 | 7.43 | +1
Packagist | drupal/drupal | 7.0 | 7.43 | +1
NVD | drupal/drupal | 80 versions | +79

Also affects: Debian Linux 7.0, 8.0

Patches

🔴 Vulnerability Details (4)

OSV: Drupal Brute force amplification attacks via XML-RPC | 2022-05-17
GHSA: Drupal Brute force amplification attacks via XML-RPC | 2022-05-17
OSV: CVE-2016-3163: The XML-RPC system in Drupal 6 | 2016-04-12
CVEList: CVE-2016-3163: The XML-RPC system in Drupal 6 | 2016-04-12

💬 Community (1)

Bugzilla: CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CVE-2016-3171 drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016- | 2016-02-26
CVE-2016-3163 (HIGH CVSS 7.5) | The XML-RPC system in Drupal 6.x be | cvebase.io