Vulnerability Details : CVE-2016-3168

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

Published 2016-04-12 15:59:06

Updated 2016-04-14 14:33:56

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-3168

Probability of exploitation activity in the next 30 days: 0.26%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-3168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.4	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H	0.5	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-3168

CWE-254

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-3168

http://www.openwall.com/lists/oss-security/2016/02/24/19

oss-security - CVE requests for Drupal core (SA-CORE-2016-001)

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/03/15/10

oss-security - Re: CVE requests for Drupal core (SA-CORE-2016-001)

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3498

Debian -- Security Information -- DSA-3498-1 drupal7

CVEs referencing this url
https://www.drupal.org/SA-CORE-2016-001

Access to this page has been denied.
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2016-3168

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.10
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.3
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.1
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta2
cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha7
cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha2
cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0
cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.12
cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.18
cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.20
cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.22
cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC3
cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.16
cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC2
cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta3
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.8
cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.7
cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.6
cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.5
cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.4
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha6
cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha5
cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha4
cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha3
cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.2
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.10
cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.9
cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.1
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC1
cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.11
cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.3
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC3
cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC2
cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC1
cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update DEV
cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.6
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.7
cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.5
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.14
cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.13
cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.21
cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.24
cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.23
cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC4
cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta2
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.11
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.9
cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.2
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC4
cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta3
cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta1
cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha1
cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.x-dev
cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.15
cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.8
cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.19
cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.17
cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update DEV
cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta4
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.4
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta1
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.12
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.13
cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.14
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.15
cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.25
cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.26
cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.17
cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.16
cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.18
cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.27
cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.19
cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.28
cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.23
cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.22
cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.21
cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.20
cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.24
cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.26
cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.28
cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.25
cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.27
cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.30
cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.29
cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.30
cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.32
cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.29
cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.31
cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.33
cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.34
cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.31
cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.33
cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.34
cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.32
cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.37
cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.35
cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.36
cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.35
cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.38
cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.36
cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.40
cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.42
cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.41
cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.37
cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*
Matching versions