Vulnerability Description
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 6.0 |
| Debian | Debian Linux | 7.0 |
References
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
- https://www.drupal.org/SA-CORE-2016-001PatchVendor Advisory
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
- https://www.drupal.org/SA-CORE-2016-001PatchVendor Advisory
FAQ
What is CVE-2016-3164?
CVE-2016-3164 is a vulnerability with a CVSS score of 7.4 (HIGH). Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, relat...
How severe is CVE-2016-3164?
CVE-2016-3164 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3164?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Debian Debian Linux.