PT-2016-5393 · Drupal · Drupal

Pere Orga

Publicado

2016-02-28

Atualizado

2022-05-17

CVE-2016-3164

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions 6.x through 6.37 Drupal versions 7.x through 7.42 Drupal versions 8.x through 8.0.3

Description The issue allows remote attackers to conduct open redirect attacks by leveraging custom code or a form shown on a 404 error page, related to path manipulation.

Recommendations For Drupal versions 6.x through 6.37, update to version 6.38 or later. For Drupal versions 7.x through 7.42, update to version 7.43 or later. For Drupal versions 8.x through 8.0.3, update to version 8.0.4 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2016-3164

DSA-3498-1

GHSA-836P-6P4J-35CG

Produtos afetados

Drupal

PT-2016-5393 · Drupal · Drupal

CVE-2016-3164

Identificadores relacionados

Produtos afetados

Referências · 24