CVE-2016-3162

Published on: 04/12/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

  • CVE-2016-3162 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.1 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH NONE

CVSS2 Score: 6.5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
oss-security - CVE requests for Drupal core (SA-CORE-2016-001) www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001 | Drupal.org Patch
Vendor Advisory
www.drupal.org
text/html
URL Logo CONFIRM www.drupal.org/SA-CORE-2016-001
oss-security - Re: CVE requests for Drupal core (SA-CORE-2016-001) www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)
Debian -- Security Information -- DSA-3498-1 drupal7 www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3498

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
ApplicationDrupalDrupal7.0AllAllAll
ApplicationDrupalDrupal7.0alpha1AllAll
ApplicationDrupalDrupal7.0alpha2AllAll
ApplicationDrupalDrupal7.0alpha3AllAll
ApplicationDrupalDrupal7.0alpha4AllAll
ApplicationDrupalDrupal7.0alpha5AllAll
ApplicationDrupalDrupal7.0alpha6AllAll
ApplicationDrupalDrupal7.0alpha7AllAll
ApplicationDrupalDrupal7.0beta1AllAll
ApplicationDrupalDrupal7.0beta2AllAll
ApplicationDrupalDrupal7.0beta3AllAll
ApplicationDrupalDrupal7.0devAllAll
ApplicationDrupalDrupal7.0rc1AllAll
ApplicationDrupalDrupal7.0rc2AllAll
ApplicationDrupalDrupal7.0rc3AllAll
ApplicationDrupalDrupal7.0rc4AllAll
ApplicationDrupalDrupal7.1AllAllAll
ApplicationDrupalDrupal7.10AllAllAll
ApplicationDrupalDrupal7.11AllAllAll
ApplicationDrupalDrupal7.12AllAllAll
ApplicationDrupalDrupal7.13AllAllAll
ApplicationDrupalDrupal7.14AllAllAll
ApplicationDrupalDrupal7.15AllAllAll
ApplicationDrupalDrupal7.16AllAllAll
ApplicationDrupalDrupal7.17AllAllAll
ApplicationDrupalDrupal7.18AllAllAll
ApplicationDrupalDrupal7.19AllAllAll
ApplicationDrupalDrupal7.2AllAllAll
ApplicationDrupalDrupal7.20AllAllAll
ApplicationDrupalDrupal7.21AllAllAll
ApplicationDrupalDrupal7.22AllAllAll
ApplicationDrupalDrupal7.23AllAllAll
ApplicationDrupalDrupal7.24AllAllAll
ApplicationDrupalDrupal7.25AllAllAll
ApplicationDrupalDrupal7.26AllAllAll
ApplicationDrupalDrupal7.27AllAllAll
ApplicationDrupalDrupal7.28AllAllAll
ApplicationDrupalDrupal7.29AllAllAll
ApplicationDrupalDrupal7.3AllAllAll
ApplicationDrupalDrupal7.30AllAllAll
ApplicationDrupalDrupal7.31AllAllAll
ApplicationDrupalDrupal7.32AllAllAll
ApplicationDrupalDrupal7.33AllAllAll
ApplicationDrupalDrupal7.34AllAllAll
ApplicationDrupalDrupal7.35AllAllAll
ApplicationDrupalDrupal7.36AllAllAll
ApplicationDrupalDrupal7.37AllAllAll
ApplicationDrupalDrupal7.38AllAllAll
ApplicationDrupalDrupal7.4AllAllAll
ApplicationDrupalDrupal7.40AllAllAll
ApplicationDrupalDrupal7.41AllAllAll
ApplicationDrupalDrupal7.5AllAllAll
ApplicationDrupalDrupal7.6AllAllAll
ApplicationDrupalDrupal7.7AllAllAll
ApplicationDrupalDrupal7.8AllAllAll
ApplicationDrupalDrupal7.9AllAllAll
ApplicationDrupalDrupal7.x-devAllAllAll
ApplicationDrupalDrupal8.0.0AllAllAll
ApplicationDrupalDrupal8.0.1AllAllAll
ApplicationDrupalDrupal8.0.2AllAllAll
ApplicationDrupalDrupal8.0.3AllAllAll
ApplicationDrupalDrupal7.0AllAllAll
ApplicationDrupalDrupal7.0alpha1AllAll
ApplicationDrupalDrupal7.0alpha2AllAll
ApplicationDrupalDrupal7.0alpha3AllAll
ApplicationDrupalDrupal7.0alpha4AllAll
ApplicationDrupalDrupal7.0alpha5AllAll
ApplicationDrupalDrupal7.0alpha6AllAll
ApplicationDrupalDrupal7.0alpha7AllAll
ApplicationDrupalDrupal7.0beta1AllAll
ApplicationDrupalDrupal7.0beta2AllAll
ApplicationDrupalDrupal7.0beta3AllAll
ApplicationDrupalDrupal7.0devAllAll
ApplicationDrupalDrupal7.0rc1AllAll
ApplicationDrupalDrupal7.0rc2AllAll
ApplicationDrupalDrupal7.0rc3AllAll
ApplicationDrupalDrupal7.0rc4AllAll
ApplicationDrupalDrupal7.1AllAllAll
ApplicationDrupalDrupal7.10AllAllAll
ApplicationDrupalDrupal7.11AllAllAll
ApplicationDrupalDrupal7.12AllAllAll
ApplicationDrupalDrupal7.13AllAllAll
ApplicationDrupalDrupal7.14AllAllAll
ApplicationDrupalDrupal7.15AllAllAll
ApplicationDrupalDrupal7.16AllAllAll
ApplicationDrupalDrupal7.17AllAllAll
ApplicationDrupalDrupal7.18AllAllAll
ApplicationDrupalDrupal7.19AllAllAll
ApplicationDrupalDrupal7.2AllAllAll
ApplicationDrupalDrupal7.20AllAllAll
ApplicationDrupalDrupal7.21AllAllAll
ApplicationDrupalDrupal7.22AllAllAll
ApplicationDrupalDrupal7.23AllAllAll
ApplicationDrupalDrupal7.24AllAllAll
ApplicationDrupalDrupal7.25AllAllAll
ApplicationDrupalDrupal7.26AllAllAll
ApplicationDrupalDrupal7.27AllAllAll
ApplicationDrupalDrupal7.28AllAllAll
ApplicationDrupalDrupal7.29AllAllAll
ApplicationDrupalDrupal7.3AllAllAll
ApplicationDrupalDrupal7.30AllAllAll
ApplicationDrupalDrupal7.31AllAllAll
ApplicationDrupalDrupal7.32AllAllAll
ApplicationDrupalDrupal7.33AllAllAll
ApplicationDrupalDrupal7.34AllAllAll
ApplicationDrupalDrupal7.35AllAllAll
ApplicationDrupalDrupal7.36AllAllAll
ApplicationDrupalDrupal7.37AllAllAll
ApplicationDrupalDrupal7.38AllAllAll
ApplicationDrupalDrupal7.4AllAllAll
ApplicationDrupalDrupal7.40AllAllAll
ApplicationDrupalDrupal7.41AllAllAll
ApplicationDrupalDrupal7.5AllAllAll
ApplicationDrupalDrupal7.6AllAllAll
ApplicationDrupalDrupal7.7AllAllAll
ApplicationDrupalDrupal7.8AllAllAll
ApplicationDrupalDrupal7.9AllAllAll
ApplicationDrupalDrupal7.x-devAllAllAll
ApplicationDrupalDrupal8.0.0AllAllAll
ApplicationDrupalDrupal8.0.1AllAllAll
ApplicationDrupalDrupal8.0.2AllAllAll
ApplicationDrupalDrupal8.0.3AllAllAll
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*: