CVE-2016-3164

6 documents5 sources

Severity

7.4HIGH

EPSS

0.7%

top 28.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Core Drupal Drupal Debian Debian Linux

Timeline

PublishedApr 12

Latest updateMay 17

Description

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

▶Packagistdrupal/core8.0 — 8.0.4+2

▶Packagistdrupal/drupal6.0 — 6.38+2

▶NVDdrupal/drupal85 versions+84

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: www.drupal.org ↗Patch: www.drupal.org ↗

🔴Vulnerability Details

GHSA

Drupal Open Redirect↗2022-05-17

▶

OSV

Drupal Open Redirect↗2022-05-17

▶

CVEList

CVE-2016-3164: Drupal 6↗2016-04-12

▶

OSV

CVE-2016-3164: Drupal 6↗2016-04-12

▶

💬Community

Bugzilla

CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CVE-2016-3171 drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-↗2016-02-26

▶