Lucene search
HistoryNov 25, 2016 - 6:59 p.m.
CVE-2016-9449
cve-2016-9449
drupal
taxonomy module
sensitive information
remote authenticated users
access query tags
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.4%
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Affected configurations
Node
drupaldrupalMatch8.0.0
ORdrupaldrupalMatch8.0.0alpha10
ORdrupaldrupalMatch8.0.0alpha11
ORdrupaldrupalMatch8.0.0alpha12
ORdrupaldrupalMatch8.0.0alpha13
ORdrupaldrupalMatch8.0.0alpha14
ORdrupaldrupalMatch8.0.0alpha15
ORdrupaldrupalMatch8.0.0alpha2
ORdrupaldrupalMatch8.0.0alpha3
ORdrupaldrupalMatch8.0.0alpha4
ORdrupaldrupalMatch8.0.0alpha5
ORdrupaldrupalMatch8.0.0alpha6
ORdrupaldrupalMatch8.0.0alpha7
ORdrupaldrupalMatch8.0.0alpha8
ORdrupaldrupalMatch8.0.0alpha9
ORdrupaldrupalMatch8.0.0beta1
ORdrupaldrupalMatch8.0.0beta10
ORdrupaldrupalMatch8.0.0beta11
ORdrupaldrupalMatch8.0.0beta12
ORdrupaldrupalMatch8.0.0beta13
ORdrupaldrupalMatch8.0.0beta14
ORdrupaldrupalMatch8.0.0beta15
ORdrupaldrupalMatch8.0.0beta16
ORdrupaldrupalMatch8.0.0beta2
ORdrupaldrupalMatch8.0.0beta3
ORdrupaldrupalMatch8.0.0beta4
ORdrupaldrupalMatch8.0.0beta6
ORdrupaldrupalMatch8.0.0beta7
ORdrupaldrupalMatch8.0.0beta9
ORdrupaldrupalMatch8.0.0rc1
ORdrupaldrupalMatch8.0.0rc2
ORdrupaldrupalMatch8.0.0rc3
ORdrupaldrupalMatch8.0.0rc4
ORdrupaldrupalMatch8.0.1
ORdrupaldrupalMatch8.0.2
ORdrupaldrupalMatch8.0.3
ORdrupaldrupalMatch8.0.4
ORdrupaldrupalMatch8.0.5
ORdrupaldrupalMatch8.0.6
ORdrupaldrupalMatch8.1.0
ORdrupaldrupalMatch8.1.0beta1
ORdrupaldrupalMatch8.1.0beta2
ORdrupaldrupalMatch8.1.0rc1
ORdrupaldrupalMatch8.1.1
ORdrupaldrupalMatch8.1.2
ORdrupaldrupalMatch8.1.3
ORdrupaldrupalMatch8.1.4
ORdrupaldrupalMatch8.1.5
ORdrupaldrupalMatch8.1.6
ORdrupaldrupalMatch8.1.7
ORdrupaldrupalMatch8.1.8
ORdrupaldrupalMatch8.1.9
ORdrupaldrupalMatch8.1.10
ORdrupaldrupalMatch8.2.0
ORdrupaldrupalMatch8.2.0beta1
ORdrupaldrupalMatch8.2.0beta2
ORdrupaldrupalMatch8.2.0beta3
ORdrupaldrupalMatch8.2.0rc1
ORdrupaldrupalMatch8.2.0rc2
ORdrupaldrupalMatch8.2.1
ORdrupaldrupalMatch8.2.2
Node
drupaldrupalMatch7.0
ORdrupaldrupalMatch7.0alpha1
ORdrupaldrupalMatch7.0alpha2
ORdrupaldrupalMatch7.0alpha3
ORdrupaldrupalMatch7.0alpha4
ORdrupaldrupalMatch7.0alpha5
ORdrupaldrupalMatch7.0alpha6
ORdrupaldrupalMatch7.0alpha7
ORdrupaldrupalMatch7.0beta1
ORdrupaldrupalMatch7.0beta2
ORdrupaldrupalMatch7.0beta3
ORdrupaldrupalMatch7.0dev
ORdrupaldrupalMatch7.0rc1
ORdrupaldrupalMatch7.0rc2
ORdrupaldrupalMatch7.0rc3
ORdrupaldrupalMatch7.0rc4
ORdrupaldrupalMatch7.1
ORdrupaldrupalMatch7.2
ORdrupaldrupalMatch7.3
ORdrupaldrupalMatch7.4
ORdrupaldrupalMatch7.10
ORdrupaldrupalMatch7.11
ORdrupaldrupalMatch7.12
ORdrupaldrupalMatch7.13
ORdrupaldrupalMatch7.14
ORdrupaldrupalMatch7.15
ORdrupaldrupalMatch7.16
ORdrupaldrupalMatch7.17
ORdrupaldrupalMatch7.18
ORdrupaldrupalMatch7.19
ORdrupaldrupalMatch7.20
ORdrupaldrupalMatch7.21
ORdrupaldrupalMatch7.22
ORdrupaldrupalMatch7.23
ORdrupaldrupalMatch7.24
ORdrupaldrupalMatch7.25
ORdrupaldrupalMatch7.26
ORdrupaldrupalMatch7.27
ORdrupaldrupalMatch7.28
ORdrupaldrupalMatch7.29
ORdrupaldrupalMatch7.30
ORdrupaldrupalMatch7.31
ORdrupaldrupalMatch7.32
ORdrupaldrupalMatch7.33
ORdrupaldrupalMatch7.34
ORdrupaldrupalMatch7.35
ORdrupaldrupalMatch7.36
ORdrupaldrupalMatch7.37
ORdrupaldrupalMatch7.38
ORdrupaldrupalMatch7.40
ORdrupaldrupalMatch7.41
ORdrupaldrupalMatch7.42
ORdrupaldrupalMatch7.43
ORdrupaldrupalMatch7.44
ORdrupaldrupalMatch7.50
ORdrupaldrupalMatch7.51
Related
cvelist
cvelist
CVE-2016-9449
2016-11-25 18:00:00
nvd
nvd
CVE-2016-9449
2016-11-25 18:59:00
github
github
Drupal sensitive information disclosure
2022-05-17 03:05:27
nessus
nessus
Fedora 25 : drupal7 (2016-95b1be8a3d)
2016-11-30 00:00:00
Fedora 23 : drupal7 (2016-ff9a74c6dc)
2016-12-01 00:00:00
Fedora 24 : drupal7 (2016-1cc5edde49)
2016-11-30 00:00:00
prion
prion
Information disclosure
2016-11-25 18:59:00
debiancve
debiancve
CVE-2016-9449
2016-11-25 18:59:00
osv
osv
Drupal sensitive information disclosure
2022-05-17 03:05:27
friendsofphp
friendsofphp
Inconsistent name for term access query
2016-11-16 18:45:00
Inconsistent name for term access query
2016-11-16 18:45:00
veracode
veracode
Information Disclosure
2017-07-26 02:48:17
ubuntucve
ubuntucve
CVE-2016-9449
2016-11-25 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3718-1)
2016-11-16 00:00:00
Mageia: Security Advisory (MGASA-2016-0413)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-715-1)
2023-03-08 00:00:00
mageia
mageia
Updated drupal packages fix security vulnerability
2016-12-07 14:48:35
debian
debian
[SECURITY] [DLA 715-1] drupal7 security update
2016-11-21 13:21:18
fedora
fedora
[SECURITY] Fedora 23 Update: drupal7-7.52-1.fc23
2016-11-29 23:53:57
[SECURITY] Fedora 24 Update: drupal7-7.52-1.fc24
2016-11-30 03:53:53
[SECURITY] Fedora 25 Update: drupal7-7.52-1.fc25
2016-11-30 05:31:10
archlinux
archlinux
[ASA-201611-20] drupal: multiple issues
2016-11-19 00:00:00
drupal
drupal
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005
2016-11-16 00:00:00
ibm
ibm
freebsd
freebsd
Drupal Code -- Multiple Vulnerabilities
2016-11-16 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.4%
Related for CVE-2016-9449