CVE-2016-9452

CWE-20Improper Input Validation7 documents5 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 40.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Drupal CoreDrupal Drupal
Timeline
PublishedNov 25
Latest updateMay 17

Description

The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Packagistdrupal/core8.08.2.3
Packagistdrupal/drupal8.08.2.3
NVDdrupal/drupal21 versions+20

Patches

Patch: www.drupal.orgPatch: www.drupal.org

🔴Vulnerability Details

3
OSV
Drupal Denial of service via transliterate mechanism2022-05-17
GHSA
Drupal Denial of service via transliterate mechanism2022-05-17
CVEList
CVE-2016-9452: The transliterate mechanism in Drupal 82016-11-25

💬Community

3
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal: Multiple vulnerabilities fixed in 7.522016-11-18
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [epel-all]2016-11-18
Bugzilla
CVE-2016-9449 CVE-2016-9450 CVE-2016-9451 CVE-2016-9452 drupal7: drupal: Multiple vulnerabilities fixed in 7.52 [fedora-all]2016-11-18
CVE-2016-9452 (MEDIUM CVSS 6.5) | The transliterate mechanism in Drup | cvebase.io