Main Vulnerability Database Vulnerabilities #VU348

Unauthorized access to Statistics information in Drupal - CVE-2016-6212

Published: August 27, 2016 / Updated: September 13, 2016

Vulnerability identifier: #VU348

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-6212

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Drupal

Affected software:
Drupal

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive data.

The vulnerability exists due to an error in Views module. A remote user without "View content count" permission can see the number of hits collected by the Statistics module for results in the view.

Successful exploitation of this vulnerability may allow an attacker to obtain potentially sensitive information.

How to mitigate CVE-2016-6212

Install the latest version 8.1.3:
https://www.drupal.org/project/drupal/releases/8.1.3

Sources

https://www.drupal.org/SA-CORE-2016-002

Unauthorized access to Statistics information in Drupal - CVE-2016-6212

Detailed vulnerability description

How to mitigate CVE-2016-6212

Sources

Please verify you're human