Description

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Remediation

References

CVE-2016-3171

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-1999-0278)

WordPress Plugin eShop Multiple Vulnerabilities (6.3.13)

Joomla! Core 3.0.x Denial of Service (3.0.0 - 3.0.3)

Apache HTTP Server Other Vulnerability (CVE-2013-4352)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.22)

Severity

High

Classification

CVE-2016-3171 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities