What is the severity of CVE-2016-3162?

CVE-2016-3162 has a severity rating of highly critical due to its potential for file upload access bypass and denial of service.

How do I fix CVE-2016-3162?

To fix CVE-2016-3162, update your Drupal installation to version 7.43 or 8.0.4 or later.

Which versions are affected by CVE-2016-3162?

CVE-2016-3162 affects Drupal versions 7.x before 7.43 and 8.x before 8.0.4.

What is the impact of CVE-2016-3162?

The impact of CVE-2016-3162 includes unauthorized access to files and potential denial of service, which may compromise sensitive data.

Who can exploit CVE-2016-3162?

CVE-2016-3162 can be exploited by remote authenticated users who have permission to create content.

Vulnerability/
CVE-2016-3162

high

8.1

CWE

284

15/2/2016

12/4/2016

5/8/2024

CVE-2016-3162

First published: Mon Feb 15 2016(Updated: )

File upload access bypass and denial of service

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/drupal/core	>=8.0<8.0.4
composer/drupal/drupal	>=8.0<8.0.4
composer/drupal/drupal	>=7.0<7.43	7.43
composer/drupal/drupal	>=8.0<8.0.4	8.0.4
composer/drupal/core	>=8.0<8.0.4	8.0.4
composer/drupal/core	>=7.0<7.43	7.43
Drupal Drupal	=7.0
Drupal Drupal	=7.0-alpha1
Drupal Drupal	=7.0-alpha2
Drupal Drupal	=7.0-alpha3
Drupal Drupal	=7.0-alpha4
Drupal Drupal	=7.0-alpha5
Drupal Drupal	=7.0-alpha6
Drupal Drupal	=7.0-alpha7
Drupal Drupal	=7.0-beta1
Drupal Drupal	=7.0-beta2
Drupal Drupal	=7.0-beta3
Drupal Drupal	=7.0-dev
Drupal Drupal	=7.0-rc1
Drupal Drupal	=7.0-rc2
Drupal Drupal	=7.0-rc3
Drupal Drupal	=7.0-rc4
Drupal Drupal	=7.1
Drupal Drupal	=7.2
Drupal Drupal	=7.3
Drupal Drupal	=7.4
Drupal Drupal	=7.5
Drupal Drupal	=7.6
Drupal Drupal	=7.7
Drupal Drupal	=7.8
Drupal Drupal	=7.9
Drupal Drupal	=7.10
Drupal Drupal	=7.11
Drupal Drupal	=7.12
Drupal Drupal	=7.13
Drupal Drupal	=7.14
Drupal Drupal	=7.15
Drupal Drupal	=7.16
Drupal Drupal	=7.17
Drupal Drupal	=7.18
Drupal Drupal	=7.19
Drupal Drupal	=7.20
Drupal Drupal	=7.21
Drupal Drupal	=7.22
Drupal Drupal	=7.23
Drupal Drupal	=7.24
Drupal Drupal	=7.25
Drupal Drupal	=7.26
Drupal Drupal	=7.27
Drupal Drupal	=7.28
Drupal Drupal	=7.29
Drupal Drupal	=7.30
Drupal Drupal	=7.31
Drupal Drupal	=7.32
Drupal Drupal	=7.33
Drupal Drupal	=7.34
Drupal Drupal	=7.35
Drupal Drupal	=7.36
Drupal Drupal	=7.37
Drupal Drupal	=7.38
Drupal Drupal	=7.40
Drupal Drupal	=7.41
Drupal Drupal	=7.x-dev
Drupal Drupal	=8.0.0
Drupal Drupal	=8.0.1
Drupal Drupal	=8.0.2
Drupal Drupal	=8.0.3
Debian GNU/Linux	=7.0
Debian GNU/Linux	=8.0

Remedy

https://www.drupal.org/SA-CORE-2016-001

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3162?
CVE-2016-3162 has a severity rating of highly critical due to its potential for file upload access bypass and denial of service.
How do I fix CVE-2016-3162?
To fix CVE-2016-3162, update your Drupal installation to version 7.43 or 8.0.4 or later.
Which versions are affected by CVE-2016-3162?
CVE-2016-3162 affects Drupal versions 7.x before 7.43 and 8.x before 8.0.4.
What is the impact of CVE-2016-3162?
The impact of CVE-2016-3162 includes unauthorized access to files and potential denial of service, which may compromise sensitive data.
Who can exploit CVE-2016-3162?
CVE-2016-3162 can be exploited by remote authenticated users who have permission to create content.

collector/friends-of-php
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-w2pj-c8x5-jvg2
alias/CVE-2016-3162
agent/software-canonical-lookup
agent/remedy
agent/weakness
agent/severity
agent/references
agent/description
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/composer
vendor/drupal
canonical/drupal drupal
version/drupal drupal/7.0
version/drupal drupal/7.0-alpha1
version/drupal drupal/7.0-alpha2
version/drupal drupal/7.0-alpha3
version/drupal drupal/7.0-alpha4
version/drupal drupal/7.0-alpha5
version/drupal drupal/7.0-alpha6
version/drupal drupal/7.0-alpha7
version/drupal drupal/7.0-beta1
version/drupal drupal/7.0-beta2
version/drupal drupal/7.0-beta3
version/drupal drupal/7.0-dev
version/drupal drupal/7.0-rc1
version/drupal drupal/7.0-rc2
version/drupal drupal/7.0-rc3
version/drupal drupal/7.0-rc4
version/drupal drupal/7.1
version/drupal drupal/7.2
version/drupal drupal/7.3
version/drupal drupal/7.4
version/drupal drupal/7.5
version/drupal drupal/7.6
version/drupal drupal/7.7
version/drupal drupal/7.8
version/drupal drupal/7.9
version/drupal drupal/7.10
version/drupal drupal/7.11
version/drupal drupal/7.12
version/drupal drupal/7.13
version/drupal drupal/7.14
version/drupal drupal/7.15
version/drupal drupal/7.16
version/drupal drupal/7.17
version/drupal drupal/7.18
version/drupal drupal/7.19
version/drupal drupal/7.20
version/drupal drupal/7.21
version/drupal drupal/7.22
version/drupal drupal/7.23
version/drupal drupal/7.24
version/drupal drupal/7.25
version/drupal drupal/7.26
version/drupal drupal/7.27
version/drupal drupal/7.28
version/drupal drupal/7.29
version/drupal drupal/7.30
version/drupal drupal/7.31
version/drupal drupal/7.32
version/drupal drupal/7.33
version/drupal drupal/7.34
version/drupal drupal/7.35
version/drupal drupal/7.36
version/drupal drupal/7.37
version/drupal drupal/7.38
version/drupal drupal/7.40
version/drupal drupal/7.41
version/drupal drupal/7.x-dev
version/drupal drupal/8.0.0
version/drupal drupal/8.0.1
version/drupal drupal/8.0.2
version/drupal drupal/8.0.3
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/7.0
version/debian gnu/linux/8.0