Lucene search

[email protected]NVD:CVE-2016-9452

HistoryNov 25, 2016 - 6:59 p.m.

CVE-2016-9452

2016-11-2518:59:04

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

50.7%

JSON

The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.

Affected configurations

Nvd

Node

drupaldrupalMatch8.0.0

drupaldrupalMatch8.0.0alpha10

drupaldrupalMatch8.0.0alpha11

drupaldrupalMatch8.0.0alpha12

drupaldrupalMatch8.0.0alpha13

drupaldrupalMatch8.0.0alpha14

drupaldrupalMatch8.0.0alpha15

drupaldrupalMatch8.0.0alpha2

drupaldrupalMatch8.0.0alpha3

drupaldrupalMatch8.0.0alpha4

drupaldrupalMatch8.0.0alpha5

drupaldrupalMatch8.0.0alpha6

drupaldrupalMatch8.0.0alpha7

drupaldrupalMatch8.0.0alpha8

drupaldrupalMatch8.0.0alpha9

drupaldrupalMatch8.0.0beta1

drupaldrupalMatch8.0.0beta10

drupaldrupalMatch8.0.0beta11

drupaldrupalMatch8.0.0beta12

drupaldrupalMatch8.0.0beta13

drupaldrupalMatch8.0.0beta14

drupaldrupalMatch8.0.0beta15

drupaldrupalMatch8.0.0beta16

drupaldrupalMatch8.0.0beta2

drupaldrupalMatch8.0.0beta3

drupaldrupalMatch8.0.0beta4

drupaldrupalMatch8.0.0beta6

drupaldrupalMatch8.0.0beta7

drupaldrupalMatch8.0.0beta9

drupaldrupalMatch8.0.0rc1

drupaldrupalMatch8.0.0rc2

drupaldrupalMatch8.0.0rc3

drupaldrupalMatch8.0.0rc4

drupaldrupalMatch8.0.1

drupaldrupalMatch8.0.2

drupaldrupalMatch8.0.3

drupaldrupalMatch8.0.4

drupaldrupalMatch8.0.5

drupaldrupalMatch8.0.6

drupaldrupalMatch8.1.0

drupaldrupalMatch8.1.0beta1

drupaldrupalMatch8.1.0beta2

drupaldrupalMatch8.1.0rc1

drupaldrupalMatch8.1.1

drupaldrupalMatch8.1.2

drupaldrupalMatch8.1.3

drupaldrupalMatch8.1.4

drupaldrupalMatch8.1.5

drupaldrupalMatch8.1.6

drupaldrupalMatch8.1.7

drupaldrupalMatch8.1.8

drupaldrupalMatch8.1.9

drupaldrupalMatch8.1.10

drupaldrupalMatch8.2.0

drupaldrupalMatch8.2.0beta1

drupaldrupalMatch8.2.0beta2

drupaldrupalMatch8.2.0beta3

drupaldrupalMatch8.2.0rc1

drupaldrupalMatch8.2.0rc2

drupaldrupalMatch8.2.1

drupaldrupalMatch8.2.2

References

www.securityfocus.com/bid/94367

www.drupal.org/SA-CORE-2016-005

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

50.7%

JSON

Related for NVD:CVE-2016-9452

cvelist1 debiancve1 friendsofphp2 veracode1 ubuntucve1 cve1 osv1 github1 prion1 nessus5 archlinux1 ibm1 openvas5 freebsd1 drupal1