PT-2016-5392 · Drupal · Drupal

Pere Orga · Published 2016-02-28 · Updated 2022-05-17 · CVE-2016-3163

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Drupal versions 6.x through 6.37
Drupal versions 7.x through 7.42

Description

The XML-RPC system might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

Recommendations

For Drupal versions 6.x through 6.37, update to version 6.38 or later.
For Drupal versions 7.x through 7.42, update to version 7.43 or later.

Exploit

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-3163
DSA-3498-1
GHSA-H3R9-PJMR-F938

Affected Products

Drupal