CVE-2016-9450

Опубликовано: 25 нояб. 2016

Источник: debian

EPSS Низкий

Описание

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
drupal8	itp			package
drupal7	not-affected			package

Примечания

https://www.drupal.org/SA-CORE-2016-005
https://www.openwall.com/lists/oss-security/2016/11/18/8

EPSS

Процентиль: 53%

0.00305

Низкий

Связанные уязвимости

CVE-2016-9450

CVSS3: 7.5

ubuntu

больше 8 лет назад

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

CVE-2016-9450

CVSS3: 7.5

nvd

больше 8 лет назад

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

GHSA-98w5-wqp9-w466

CVSS3: 7.5

github

около 3 лет назад

Drupal Incorrect cache context on password reset page

EPSS

Процентиль: 53%

0.00305

Низкий