CVE-2016-9449
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Known Affected Software
62 configuration(s) from 1 vendor(s)
drupal
Version:
7.38
CPE:
cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*
drupal
Version:
8.2.2
CPE:
cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*
drupal
Version:
7.26
CPE:
cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
drupal
Version:
7.3
CPE:
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
drupal
Version:
7.32
CPE:
cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*
drupal
Version:
7.24
CPE:
cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
drupal
Version:
8.1.10
CPE:
cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*
drupal
Version:
8.0.0
CPE:
cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*
drupal
Version:
7.41
CPE:
cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*
drupal
Version:
7.42
CPE:
cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*
drupal
Version:
7.4
CPE:
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
drupal
Version:
8.1.4
CPE:
cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*
drupal
Version:
8.1.2
CPE:
cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*
drupal
Version:
7.11
CPE:
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
drupal
Version:
7.0
CPE:
cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
drupal
Version:
7.21
CPE:
cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
drupal
Version:
7.27
CPE:
cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
drupal
Version:
8.0.3
CPE:
cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*
drupal
Version:
7.50
CPE:
cpe:2.3:a:drupal:drupal:7.50:*:*:*:*:*:*:*
drupal
Version:
8.0.2
CPE:
cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*
drupal
Version:
7.44
CPE:
cpe:2.3:a:drupal:drupal:7.44:*:*:*:*:*:*:*
drupal
Version:
8.0.1
CPE:
cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*
drupal
Version:
7.51
CPE:
cpe:2.3:a:drupal:drupal:7.51:*:*:*:*:*:*:*
drupal
Version:
7.23
CPE:
cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
drupal
Version:
7.35
CPE:
cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*
drupal
Version:
8.1.3
CPE:
cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*
drupal
Version:
8.2.0
CPE:
cpe:2.3:a:drupal:drupal:8.2.0:-:*:*:*:*:*:*
drupal
Version:
8.1.7
CPE:
cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*
drupal
Version:
7.43
CPE:
cpe:2.3:a:drupal:drupal:7.43:*:*:*:*:*:*:*
drupal
Version:
8.2.1
CPE:
cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*
drupal
Version:
8.1.5
CPE:
cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*
drupal
Version:
7.36
CPE:
cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*
drupal
Version:
7.10
CPE:
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
drupal
Version:
8.0.4
CPE:
cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*
drupal
Version:
7.33
CPE:
cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
drupal
Version:
8.1.0
CPE:
cpe:2.3:a:drupal:drupal:8.1.0:-:*:*:*:*:*:*
drupal
Version:
7.2
CPE:
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
drupal
Version:
8.1.8
CPE:
cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*
drupal
Version:
7.29
CPE:
cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
drupal
Version:
7.15
CPE:
cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
drupal
Version:
8.0.5
CPE:
cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*
drupal
Version:
7.22
CPE:
cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
drupal
Version:
7.25
CPE:
cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
drupal
Version:
8.0.6
CPE:
cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*
drupal
Version:
8.1.9
CPE:
cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*
drupal
Version:
7.34
CPE:
cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
drupal
Version:
7.28
CPE:
cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
drupal
Version:
7.16
CPE:
cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
drupal
Version:
7.1
CPE:
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
drupal
Version:
7.30
CPE:
cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
drupal
Version:
7.13
CPE:
cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
drupal
Version:
7.14
CPE:
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
drupal
Version:
7.31
CPE:
cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*
drupal
Version:
7.37
CPE:
cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*
drupal
Version:
7.17
CPE:
cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
drupal
Version:
7.19
CPE:
cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
drupal
Version:
7.12
CPE:
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
drupal
Version:
7.20
CPE:
cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
drupal
Version:
7.18
CPE:
cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
drupal
Version:
8.1.1
CPE:
cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*
drupal
Version:
7.40
CPE:
cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*
drupal
Version:
8.1.6
CPE:
cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*
This vulnerability affects 62 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://www.debian.org/security/2016/dsa-3718cve@mitre.org
-
http://www.securityfocus.com/bid/94367cve@mitre.org Third Party Advisory VDB Entry
-
https://www.drupal.org/SA-CORE-2016-005cve@mitre.org Patch Vendor Advisory
-
http://www.debian.org/security/2016/dsa-3718af854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/bid/94367af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://www.drupal.org/SA-CORE-2016-005af854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- Description
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- Exploit Likelihood
- High
- Typical Severity
- Medium
- Abstraction Level
- Class
Key Information
- Published Date
- November 25, 2016
