CVE-2016-9450

High

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to…

mitre·CWE-345·Published 2016-11-25

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

172 chars

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

NVDen

172 chars

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

OSV.deven

172 chars

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

GHSAen

172 chars

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

NVDes

242 chars

El formulario de reseteo de contraseña de usuario en Drupal 8.x en versiones anteriores a 8.2.3 permite a atacantes remotos llevar a cabo ataques de envenenamiento de caché aprovechando un error para especificar un contexto de caché correcto.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N