CVE-2016-9451
Vulnerability from cvelistv5
Published
2016-11-25 18:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
0.20% (0.39603)
Summary
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
References
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3718
cve@mitre.orghttp://www.securityfocus.com/bid/94367Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.drupal.org/SA-CORE-2016-005Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3718
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94367Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.drupal.org/SA-CORE-2016-005Patch, Vendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:50:38.351Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3718",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3718",
               },
               {
                  name: "94367",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94367",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.drupal.org/SA-CORE-2016-005",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-11-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-01-04T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-3718",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3718",
            },
            {
               name: "94367",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94367",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.drupal.org/SA-CORE-2016-005",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-9451",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3718",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3718",
                  },
                  {
                     name: "94367",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94367",
                  },
                  {
                     name: "https://www.drupal.org/SA-CORE-2016-005",
                     refsource: "CONFIRM",
                     url: "https://www.drupal.org/SA-CORE-2016-005",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-9451",
      datePublished: "2016-11-25T18:00:00",
      dateReserved: "2016-11-18T00:00:00",
      dateUpdated: "2024-08-06T02:50:38.351Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2016-9451\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-11-25T18:59:03.417\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Formularios de confirmación en Drupal 7.x en versiones anteriores a 7.52 facilita a usuarios remotos autenticados llevar a cabo ataques de redirección abierta a través de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"baseScore\":4.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C33CAB-4633-418C-B162-20A2EC24E8DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC3B1750-17AD-4386-B6EE-1AFC9CDFB6C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E0C1873-22A6-4CE9-853D-2A40BD3D9E62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F6DF608-0DA2-455F-AD28-7BE4A7548E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BCC306D-EB5D-4784-B0B1-B4F9370796F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5639A5F3-CD18-451C-BA5A-3336C42BED83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0A10CA-F59E-48AC-97E9-8476F63BAEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B7917C-5934-4AFF-B3DB-BE9B099B27FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"16731B53-3CD1-4B98-947B-7621162D8DB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD738402-A50E-4AEB-8F42-607F52DE5540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"199AC10C-6E65-409B-8658-E26240B27E1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B378BEF-B070-4955-A6B3-8F2ACBA96832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"19EC9A36-5EDC-4519-802E-BEA69B18800A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C281EA7-8AE1-4D5A-B03B-B3BE37740195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"024CF5B1-1875-4785-ACAF-35ECCC7914A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F446903-51AC-4FA3-BA90-C2EA59BBDB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE86CC5-956E-4F16-BE7B-2B1CAAEB5C40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0AC1B21-D3BE-4B6A-AE40-8B395E81DD50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E5E8A73-1C02-4900-BC30-83084DC8371C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A92A41E3-BF0F-49BD-9F0F-5FDC11BF2499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D408134A-29E8-4D6A-9352-DB7F9CF55FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B08C41E-2357-44D5-A3A7-75389B343B8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9F40588-308A-4BA7-AE62-5DCC7D7528EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E41BD65A-F39B-42C5-8776-CE09345A531D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBAFBC02-38E9-41F3-8944-6F6AB0A85941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9069C99D-C935-4272-B7F4-172CFD246835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41BE2EAA-CC60-4EFA-9E75-61EDA0EB69B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CABDC4-0E47-4E33-9075-79E0D59D9A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74A5893C-A855-4C49-A17A-83B6172C0496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4048A2C7-9646-42E3-9D4B-DE9CF4AC66C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C915139-9B3A-4583-99A9-3447ACEF9E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BE6A75-15F2-416C-9EBB-6FDD995C7399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D82630-555A-43CE-986D-2D15DD8A68F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9F1B32-B3C0-47AB-96C1-0AEF7A96744A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23E72D9-9301-4CF8-A083-0AEC91F2845E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"983636D8-084A-40AA-8EEA-39D4D39EA056\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FEAA6C1-D2F5-4C7A-AEEA-FEDD52F039B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCAC8831-637A-49B7-9DFD-93965D0944A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"247FF6EA-E8E8-4AC9-BC03-6D8929DC60EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73AAA716-1DB3-4D38-A52B-F579EE5627AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18257E82-134E-4B4B-9AA4-997582A6FE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C53AC67F-07A4-4DDF-9A21-AAC32E388454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E350D8C6-5618-4C7E-8D0D-D448B7B485EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42224177-DEFC-4A23-9707-0C2A96902FDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C0017C6-C985-4F0C-89C4-198063DAB3FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA2A100A-4579-4E32-9ED1-54E6063032CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B41BB85-CED1-4CED-A56E-A58A22AAE4CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19437699-98F7-40EC-B0F9-502CA8126749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3697FD64-0D39-45E0-B91E-6190B13CE8AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B0AE8A-97A8-4105-B0E8-5CABBFD50587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC8AB4B2-AC8C-4E15-BA79-760871794944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0389B8B-AF62-42DE-8A3E-2FAFA39CAA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC15097C-4361-4045-872E-23616B01E8A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C6C5838-B6C3-470C-899A-FDD13C2195B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62CE09BA-40FC-4DF8-8CB8-465A5EA3820C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A6E3C9-9544-4DB7-8D85-A3DAAC1BC7EB\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2016/dsa-3718\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/94367\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.drupal.org/SA-CORE-2016-005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/94367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.drupal.org/SA-CORE-2016-005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.