Published: 12/04/2016 Updated: 13/04/2016

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Drupal 6.x prior to 6.38, 7.x prior to 7.43, and 8.x prior to 8.0.4 might allow remote malicious users to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 8.0.3
drupal drupal 8.0.2
drupal drupal 8.0.1
drupal drupal 8.0.0
drupal drupal 7.32
drupal drupal 7.x-dev
drupal drupal 7.5
drupal drupal 7.38
drupal drupal 7.3
drupal drupal 7.28
drupal drupal 7.21
drupal drupal 7.2
drupal drupal 7.15
drupal drupal 7.13
drupal drupal 7.0
drupal drupal 6.8
drupal drupal 6.6
drupal drupal 6.32
drupal drupal 6.30
drupal drupal 6.24
drupal drupal 6.22
drupal drupal 6.18
drupal drupal 6.16
drupal drupal 6.1
drupal drupal 6.0
drupal drupal 7.42
drupal drupal 7.41
drupal drupal 7.36
drupal drupal 7.35
drupal drupal 7.34
drupal drupal 7.33
drupal drupal 7.19
drupal drupal 7.18
drupal drupal 7.17
drupal drupal 7.16
drupal drupal 6.4
drupal drupal 6.36
drupal drupal 6.35
drupal drupal 6.34
drupal drupal 6.21
drupal drupal 6.20
drupal drupal 6.2
drupal drupal 6.19
drupal drupal 7.9
drupal drupal 7.8
drupal drupal 7.7
drupal drupal 7.6
drupal drupal 7.27
drupal drupal 7.26
drupal drupal 7.25
drupal drupal 7.24
drupal drupal 7.23
drupal drupal 7.11
drupal drupal 7.10
drupal drupal 7.1
drupal drupal 6.37
drupal drupal 6.9
drupal drupal 6.29
drupal drupal 6.28
drupal drupal 6.27
drupal drupal 6.26
drupal drupal 6.14
drupal drupal 6.13
drupal drupal 6.12
drupal drupal 6.11
drupal drupal 7.40
drupal drupal 7.31
drupal drupal 7.4
drupal drupal 7.37
drupal drupal 7.30
drupal drupal 7.29
drupal drupal 7.22
drupal drupal 7.20
drupal drupal 7.14
drupal drupal 7.12
drupal drupal 6.7
drupal drupal 6.5
drupal drupal 6.33
drupal drupal 6.31
drupal drupal 6.3
drupal drupal 6.25
drupal drupal 6.23
drupal drupal 6.17
drupal drupal 6.15
drupal drupal 6.10
debian debian linux 8.0
debian debian linux 7.0

Multiple security vulnerabilities have been found in the Drupal content management framework For additional information, please refer to the upstream advisory at wwwdrupalorg/SA-CORE-2016-001 For the oldstable distribution (wheezy), this problem has been fixed in version 714-2+deb7u12 For the stable distribution (jessie), this problem ...

NVD-CWE-Other http://www.openwall.com/lists/oss-security/2016/02/24/19 http://www.debian.org/security/2016/dsa-3498 https://www.drupal.org/SA-CORE-2016-001 http://www.openwall.com/lists/oss-security/2016/03/15/10 https://nvd.nist.gov https://www.debian.org/security/./dsa-3498

CVE-2016-3164

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect