CVE-2016-9450

CWE-3457 documents5 sources
Severity
7.5HIGH
EPSS
0.2%
top 54.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Drupal CoreDrupal Drupal
Timeline
PublishedNov 25
Latest updateMay 17

Description

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Packagistdrupal/core8.08.2.3
Packagistdrupal/drupal8.08.2.3
NVDdrupal/drupal21 versions+20

Patches

Patch: www.drupal.orgPatch: www.drupal.org

🔴Vulnerability Details

3
OSV
Drupal Incorrect cache context on password reset page2022-05-17
GHSA
Drupal Incorrect cache context on password reset page2022-05-17
CVEList
CVE-2016-9450: The user password reset form in Drupal 82016-11-25

💬Community

3
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal: Multiple vulnerabilities fixed in 7.522016-11-18
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [epel-all]2016-11-18
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [fedora-all]2016-11-18
CVE-2016-9450 (HIGH CVSS 7.5) | The user password reset form in Dru | cvebase.io