CVE-2016-9451

Опубликовано: 25 нояб. 2016

Источник: nvd

CVSS3: 6.8

CVSS2: 4.9

EPSS Низкий

Описание

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Ссылки

http://www.debian.org/security/2016/dsa-3718
http://www.securityfocus.com/bid/94367
Third Party Advisory
VDB Entry
https://www.drupal.org/SA-CORE-2016-005
Patch
Vendor Advisory
http://www.debian.org/security/2016/dsa-3718
http://www.securityfocus.com/bid/94367
Third Party Advisory
VDB Entry
https://www.drupal.org/SA-CORE-2016-005
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.43:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.44:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.50:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.51:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00202

Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2016-9451

CVSS3: 6.8

ubuntu

больше 8 лет назад

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

CVE-2016-9451

CVSS3: 6.8

debian

больше 8 лет назад

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...

GHSA-66gr-xrcf-8jpq

CVSS3: 6.8

github

около 3 лет назад

Drupal Open Redirect

EPSS

Процентиль: 43%

0.00202

Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-601