CVE-2016-9450
- Source
- https://cve.org/CVERecord?id=CVE-2016-9450
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9450.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9450
- Aliases
- Published
- 2016-11-25T18:59:02.090Z
- Modified
- 2026-04-11T12:03:17.895929Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha10" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha11" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha12" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha13" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha3" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha4" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha5" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha6" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha7" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha8" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0.0-alpha9" } ] } ] }- References
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "cpe": [ "cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "8.0.0" }, { "last_affected": "8.0.0-alpha14" }, { "last_affected": "8.0.0-alpha15" }, { "last_affected": "8.0.0-beta1" }, { "last_affected": "8.0.0-beta10" }, { "last_affected": "8.0.0-beta11" }, { "last_affected": "8.0.0-beta12" }, { "last_affected": "8.0.0-beta13" }, { "last_affected": "8.0.0-beta14" }, { "last_affected": "8.0.0-beta15" }, { "last_affected": "8.0.0-beta16" }, { "last_affected": "8.0.0-beta2" }, { "last_affected": "8.0.0-beta3" }, { "last_affected": "8.0.0-beta4" }, { "last_affected": "8.0.0-beta6" }, { "last_affected": "8.0.0-beta7" }, { "last_affected": "8.0.0-beta9" }, { "last_affected": "8.0.0-rc1" }, { "last_affected": "8.0.0-rc2" }, { "last_affected": "8.0.0-rc3" }, { "last_affected": "8.0.0-rc4" }, { "last_affected": "8.0.1" }, { "last_affected": "8.0.2" }, { "last_affected": "8.0.3" }, { "last_affected": "8.0.4" }, { "last_affected": "8.0.5" }, { "last_affected": "8.0.6" }, { "last_affected": "8.1.0" }, { "last_affected": "8.1.0-beta1" }, { "last_affected": "8.1.0-beta2" }, { "last_affected": "8.1.0-rc1" }, { "last_affected": "8.1.1" }, { "last_affected": "8.1.2" }, { "last_affected": "8.1.3" }, { "last_affected": "8.1.4" }, { "last_affected": "8.1.5" }, { "last_affected": "8.1.6" }, { "last_affected": "8.1.7" }, { "last_affected": "8.1.8" }, { "last_affected": "8.1.9" }, { "last_affected": "8.1.10" }, { "last_affected": "8.2.0" }, { "last_affected": "8.2.0-beta1" }, { "last_affected": "8.2.0-beta2" }, { "last_affected": "8.2.0-beta3" }, { "last_affected": "8.2.0-rc1" }, { "last_affected": "8.2.0-rc2" }, { "last_affected": "8.2.1" }, { "last_affected": "8.2.2" } ] }
Affected versions
1.*
1.0
2.*
2.0
3.*
3.0.1
5.*
5.0-beta-1
5.0-beta-2
5.0-rc-1
5.0-rc-2
6.*
6.0-beta-1
6.0-beta-2
6.0-beta-3
6.0-beta-4
6.0-rc-1
6.0-rc-2
6.0-rc-3
7.*
7.0
7.0-alpha1
7.0-alpha2
7.0-alpha3
7.0-alpha4
7.0-alpha5
7.0-alpha6
7.0-alpha7
7.0-beta1
7.0-beta2
7.0-beta3
7.0-rc-1
7.0-rc-2
7.0-rc-3
7.0-rc-4
7.0-unstable-1
7.0-unstable-10
7.0-unstable-2
7.0-unstable-3
7.0-unstable-4
7.0-unstable-5
7.0-unstable-6
7.0-unstable-7
8.*
8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
8.0.0-beta16
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.1.0
8.1.0-beta1
8.1.0-beta2
8.1.0-rc1
8.1.1
8.1.10
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.1.9
8.2.0
8.2.0-beta1
8.2.0-beta2
8.2.0-beta3
8.2.0-rc1
8.2.0-rc2
8.2.1
8.2.2
Other
start