CVE-2016-9451

Description

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

How to fix CVE-2016-9451

To remediate CVE-2016-9451, upgrade the affected package to a fixed version below.

• Packagist/drupal/core—upgrade to 7.52 or later

Is CVE-2016-9451 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 7.0, < 7.52

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-9451
• PATCHgithub.com/drupal/core
• WEBwww.drupal.org/SA-CORE-2016-005
• WEBwww.debian.org/security/2016/dsa-3718
• WEBwww.securityfocus.com/bid/94367