Input validation error - CVE-2016-3165
Published: September 9, 2016
Vulnerability identifier: #VU397
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-3165
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulneraility allows remote authenticated user to get access to potentially sensitive information.
The vulnerability exists due to bypassing of security control that allows remote attacker to submit new input and get access to the buttons they weren't allowed to use.
Successful exploitation of this vulnerability may allow a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to bypassing of security control that allows remote attacker to submit new input and get access to the buttons they weren't allowed to use.
Successful exploitation of this vulnerability may allow a remote attacker to obtain potentially sensitive information.
How to mitigate CVE-2016-3165
Upgrade Drupal 6.x to Drupal core 6.38.
Upgrade Drupal 7.x to Drupal core 7.43.
Upgrade Drupal 8.0.x to Drupal core 8.0.4.