{"id":"CVE-2016-3164","details":"Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.","aliases":["GHSA-836p-6p4j-35cg"],"modified":"2026-03-12T22:22:53.739850Z","published":"2016-04-12T15:59:02.150Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/02/24/19"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/03/15/10"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3498"},{"type":"FIX","url":"https://www.drupal.org/SA-CORE-2016-001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"0"},{"last_affected":"f8d6bbf44160e6d00e71f0172ecf80e78d0f0d3c"},{"introduced":"0"},{"last_affected":"f8d6bbf44160e6d00e71f0172ecf80e78d0f0d3c"},{"introduced":"0"},{"last_affected":"d6c7b4cf627ab409c595e1c76bf0a8deadbc7feb"},{"introduced":"0"},{"last_affected":"fee422170acc602c2049af4dc2fd00f1da3c5713"},{"introduced":"0"},{"last_affected":"dff6422ef765e6a6b1ca03184e4ed334c895fd4c"},{"introduced":"0"},{"last_affected":"49f719f7c4f7c1b69dc35ff8fbdea123e7d88f92"},{"introduced":"0"},{"last_affected":"85c9ed0b6a001b4196b24826841e2cf2d18d2612"},{"introduced":"0"},{"last_affected":"87a469b868ad719c11fb59d932b8d4a5bcf02b08"},{"introduced":"0"},{"last_affected":"ead5598cdfaf1505b478aa03db4017f9c1f829f5"},{"introduced":"0"},{"last_affected":"80cff5cedfe9f8a23596c1a7e1ae456c894a79ae"},{"introduced":"0"},{"last_affected":"bdd3062d800919f27627b8fddc3887b2495074c2"},{"introduced":"0"},{"last_affected":"a7c068b9bc213c599872a0f729d736f5ff3d7866"},{"introduced":"0"},{"last_affected":"8135c33f6fd219124b085a2e50ea9bf1f6e87612"},{"introduced":"0"},{"last_affected":"84f629ace76044177ddd24ad03c2566b9af1688b"},{"introduced":"0"},{"last_affected":"7c757303a57f24770f2707529f8398d194a5efcd"},{"introduced":"0"},{"last_affected":"b62ba500242b711ce932ecfeb258c00e22c258ba"},{"introduced":"0"},{"last_affected":"23bda276dc19dd3b3d17174b808020ae820879c7"},{"introduced":"0"},{"last_affected":"77b6714fb3e0bcec9ef7df1a610eb6bdbf09636e"},{"introduced":"0"},{"last_affected":"a09fcca0294ef62ba7b1c7ec2af2980f0a39d3e1"},{"introduced":"0"},{"last_affected":"4e8e0454b3bfc3b846cf4b7bcaca0e8f42f0c17a"},{"introduced":"0"},{"last_affected":"88146f6da7b169a6504ecfdd39fe29913c977350"},{"introduced":"0"},{"last_affected":"8636b1234c84a07f0f087ca5d64483c4fc7b2256"},{"introduced":"0"},{"last_affected":"7c4e429b7fa771676a18321aac9896e86773891e"},{"introduced":"0"},{"last_affected":"39f366e0a91bb0f79cdf7aab8d50c92473e6bd4e"},{"introduced":"0"},{"last_affected":"10edcf72444e58b2032957edd3d478ac2d431b0c"},{"introduced":"0"},{"last_affected":"3595e528c35eeeef5cdcd11932ede5af0b21447c"},{"introduced":"0"},{"last_affected":"7e8649f761e0279e07b2050a7ec61097636f269b"},{"introduced":"0"},{"last_affected":"9260bc47d39971738f6d489554a4eb22c8c8e85e"},{"introduced":"0"},{"last_affected":"da8023a98808d243a03d494750a30d06dd1827cc"},{"introduced":"0"},{"last_affected":"6f2fd0451a5cae837870da665f35514d8730fcf3"},{"introduced":"0"},{"last_affected":"9ce67f2e403f7238a581fc78ca51a7f5ba32fb52"},{"introduced":"0"},{"last_affected":"203f323c8813f60c634ca23e025934d1527b0418"},{"introduced":"0"},{"last_affected":"66e94d74994fced9fafbb2583f1c9e1bc636c04f"},{"introduced":"0"},{"last_affected":"92eedf2c17bcea6db47c6b317c6ebf6078bfffae"},{"introduced":"0"},{"last_affected":"c71b15f68010db028f07839c226d31563f220890"},{"introduced":"0"},{"last_affected":"01c9f6164e9b48a7d715e07fb0d98fbe71bae87b"},{"introduced":"0"},{"last_affected":"8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93"},{"introduced":"0"},{"last_affected":"a362d912056d6e385a6c458cddf776ec746c68ae"},{"introduced":"0"},{"last_affected":"e9d0768c1326332a3f1bbac761e7d9d7156d4ae6"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"c511a4abe771499fe4ff682decad59a3cd1e61d0"},{"introduced":"0"},{"last_affected":"154ffa85f8bf5033c958ba8face74797463a6bde"},{"introduced":"0"},{"last_affected":"d516f6778e57da524e3491710c6e5a5382dc647e"},{"introduced":"0"},{"last_affected":"a4fabec730e7377f6dfe656599145b40f778a77d"},{"introduced":"0"},{"last_affected":"9b9d9296c85e88d6ecb875d7e350e0083a105108"},{"introduced":"0"},{"last_affected":"9bf09eea76bbf071db4016252faca2d20bf1a6c2"},{"introduced":"0"},{"last_affected":"0c6f9b0074a227fe1b2fef3621925ef900039486"},{"introduced":"0"},{"last_affected":"d0b330ef316d761fc02eadeb659f9ff1ab106c3e"},{"introduced":"0"},{"last_affected":"237c0642a799ed3a1895f3144d8017422e2a8f72"},{"introduced":"0"},{"last_affected":"d08387cf6316da3b5158ccc1063acc5399ef3ee2"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"316bd96ebff36284f5f3e33268760ff9c672b6f8"},{"introduced":"0"},{"last_affected":"49e2d2ca6f6c6489b07b9e863150d20a38148a57"},{"introduced":"0"},{"last_affected":"ebf9026bb8411de4866824f45ab825ecb41a5f47"},{"introduced":"0"},{"last_affected":"d8cfe088697631a9789895b4128b12ab79c07207"},{"introduced":"0"},{"last_affected":"eabb023933ac83947e5d238c4a83b1f5bdbcc738"},{"introduced":"0"},{"last_affected":"1f124bf1accbad60b31a463ff59232d2f5626100"},{"introduced":"0"},{"last_affected":"ca9434462a4af269f24b0b616939938a3a4c112f"},{"introduced":"0"},{"last_affected":"6b54665a5921d26d00559644754047420776da4a"},{"introduced":"0"},{"last_affected":"09bfa80c0c6ffabf7e02e706dbfd2f514619bbc4"},{"introduced":"0"},{"last_affected":"a07564a2968a464d3f800da0c2e75045caa367ea"},{"introduced":"0"},{"last_affected":"40093b2fa7dde4a5f3c6806aad91b9302c232903"},{"introduced":"0"},{"last_affected":"4d4080b17681ae674e10c077b72d00f0b1544e0c"},{"introduced":"0"},{"last_affected":"9879d29f731570a34b24c4eae4cc8cb30c7a5082"},{"introduced":"0"},{"last_affected":"30d1e719aa5e9a9ad66514078ca3b0975ddadc9c"},{"introduced":"0"},{"last_affected":"a584af62514ba7ec37b82b0c7b17081fcca4c5e0"},{"introduced":"0"},{"last_affected":"b9127101ffeca819e74a03fa9f5a48d026c562e5"},{"introduced":"0"},{"last_affected":"c5d6e6334fb7a71ecf1dbc7e06a7de8ad9547b27"},{"introduced":"0"},{"last_affected":"b47f95d3013619e33cafdf8b769b2b6179a07956"},{"introduced":"0"},{"last_affected":"1d4604da252f0e6e19339957ec214388f61b908d"},{"introduced":"0"},{"last_affected":"3a24da1b40f5e05876ad7775044500b61eb2ed94"},{"introduced":"0"},{"last_affected":"ec59e1197a2aa37557f9a87f13ba4d90e6aabf4c"},{"introduced":"0"},{"last_affected":"dce3c77a61d9510dbac6927b60a03bc8da19e947"},{"introduced":"0"},{"last_affected":"bf704d6ffe55d66a440a55a9d43e8846d46d2440"},{"introduced":"0"},{"last_affected":"782d1155c62c0a879bf587c7e40c3a13bcf6879c"},{"introduced":"0"},{"last_affected":"effed1c831c997be26e12f18be0d8eb683f21a75"},{"introduced":"0"},{"last_affected":"dc791ec5839b52c7616bf66993122aa9a1336384"},{"introduced":"0"},{"last_affected":"6642fbc7001c728e218170fd286e6b8a24eef24f"},{"introduced":"0"},{"last_affected":"1769d1cca92e206510528c324552797e83a1fc7c"},{"introduced":"0"},{"last_affected":"83b80acad8431fcd56e9a331ba06c41edee48c91"},{"introduced":"0"},{"last_affected":"f9784cf829fe2d6aad57b6de1f2e3a167e95cea6"},{"introduced":"0"},{"last_affected":"90e884ad0f7f2cf269d953f7d70966de9fd821ff"},{"introduced":"0"},{"last_affected":"131a6f5129b18f3913ba5882111797f8588c5aaf"},{"introduced":"0"},{"last_affected":"4ba5f184c69306da0e30260890f01ea0694af274"},{"introduced":"0"},{"last_affected":"81586d9e9d04dcee487c50de426c04221899b6d0"},{"introduced":"0"},{"last_affected":"b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8"},{"introduced":"0"},{"last_affected":"b42286571f4a22324f321af025768107caa99c30"},{"introduced":"0"},{"last_affected":"18c5da5028b7c3ba985e598bb8df45613285d437"},{"introduced":"0"},{"last_affected":"5cb79b4b217e9aa315d61284398cce132c28bea4"},{"introduced":"0"},{"last_affected":"9d16792580c241b42e6192b480f65cf0bdd07bc9"},{"introduced":"0"},{"last_affected":"9f72251c9291b5613acb9ca4ea7a51b4739e3f93"},{"introduced":"0"},{"last_affected":"9ee4a1a2fa3bedb3852d21f2198509c107c48890"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"introduced":"0"},{"last_affected":"9b7ead2e45935bc1dadfe74490b8cbefa54f433a"},{"introduced":"0"},{"last_affected":"305b2f38da238705a10e543994808ce29dbdbbc0"},{"introduced":"0"},{"last_affected":"64de978a08663904ba8231f20d2f26c8f5a135e8"},{"introduced":"0"},{"last_affected":"70378b5c5dd7c99f56f7e3f36cffcd33d46644c6"},{"introduced":"0"},{"last_affected":"598ccc572506256a13c6b3eb978b348f0dee3c6b"},{"introduced":"0"},{"last_affected":"48786c6ee658f4ef4275962331d406ab186dd6f0"},{"introduced":"0"},{"last_affected":"fc345ab700c4d00eb5d1f5000700bc534feb49c6"},{"introduced":"0"},{"last_affected":"c3f5245f1c98a8a1cf119c977db05488e0a32074"},{"introduced":"0"},{"last_affected":"c24c1c7694c3970213e758a7198bc4e4a9c485f8"},{"introduced":"0"},{"last_affected":"5249c53ef0c3a715bc46bb568c91470ed0374996"},{"introduced":"0"},{"last_affected":"19b32a3ab40e8c89495ee260e46a5e8375ad3756"},{"introduced":"0"},{"last_affected":"15ddad3bf498b0e8bdfe7724e1dbaf653c2d7885"},{"introduced":"0"},{"last_affected":"e15ebedc4c6afdab87c1ffd7cb1f5ca462aafe87"},{"introduced":"0"},{"last_affected":"5bf651dabf88766a588adf3c34a7ee2fa1ab4016"},{"introduced":"0"},{"last_affected":"09dbe27efa2b6f255b804168711166bd3f8b6d4e"},{"introduced":"0"},{"last_affected":"079a52b45df32b8aa82d1eb0c57bd97d1e065f57"},{"introduced":"0"},{"last_affected":"b7390caeeec23886c4b8d91f8952c35c034cd41f"},{"introduced":"0"},{"last_affected":"f1def1199d3e73144d8931b30ebef7d2d82526cb"},{"introduced":"0"},{"last_affected":"4f05b98429b58c93fec1a8222956851f03a6c4ac"},{"introduced":"0"},{"last_affected":"260d019e286d36f7d2b4fb5b3d62723a9ee81840"},{"introduced":"0"},{"last_affected":"2d64433829033660b87a1a1d054b3899a18addba"},{"introduced":"0"},{"last_affected":"647bfab79e6ee1fddb339c50152315e479d4fe8f"},{"introduced":"0"},{"last_affected":"3f7404935955cd2a63023e77a07c4231ad5ff62a"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"6.0-dev"},{"introduced":"0"},{"last_affected":"6.1"},{"introduced":"0"},{"last_affected":"6.2"},{"introduced":"0"},{"last_affected":"6.3"},{"introduced":"0"},{"last_affected":"6.4"},{"introduced":"0"},{"last_affected":"6.5"},{"introduced":"0"},{"last_affected":"6.6"},{"introduced":"0"},{"last_affected":"6.7"},{"introduced":"0"},{"last_affected":"6.8"},{"introduced":"0"},{"last_affected":"6.9"},{"introduced":"0"},{"last_affected":"6.10"},{"introduced":"0"},{"last_affected":"6.11"},{"introduced":"0"},{"last_affected":"6.12"},{"introduced":"0"},{"last_affected":"6.13"},{"introduced":"0"},{"last_affected":"6.14"},{"introduced":"0"},{"last_affected":"6.15"},{"introduced":"0"},{"last_affected":"6.16"},{"introduced":"0"},{"last_affected":"6.17"},{"introduced":"0"},{"last_affected":"6.18"},{"introduced":"0"},{"last_affected":"6.19"},{"introduced":"0"},{"last_affected":"6.20"},{"introduced":"0"},{"last_affected":"6.21"},{"introduced":"0"},{"last_affected":"6.22"},{"introduced":"0"},{"last_affected":"6.23"},{"introduced":"0"},{"last_affected":"6.24"},{"introduced":"0"},{"last_affected":"6.25"},{"introduced":"0"},{"last_affected":"6.26"},{"introduced":"0"},{"last_affected":"6.27"},{"introduced":"0"},{"last_affected":"6.28"},{"introduced":"0"},{"last_affected":"6.29"},{"introduced":"0"},{"last_affected":"6.30"},{"introduced":"0"},{"last_affected":"6.31"},{"introduced":"0"},{"last_affected":"6.32"},{"introduced":"0"},{"last_affected":"6.33"},{"introduced":"0"},{"last_affected":"6.34"},{"introduced":"0"},{"last_affected":"6.35"},{"introduced":"0"},{"last_affected":"6.36"},{"introduced":"0"},{"last_affected":"6.37"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0-alpha1"},{"introduced":"0"},{"last_affected":"7.0-alpha2"},{"introduced":"0"},{"last_affected":"7.0-alpha3"},{"introduced":"0"},{"last_affected":"7.0-alpha4"},{"introduced":"0"},{"last_affected":"7.0-alpha5"},{"introduced":"0"},{"last_affected":"7.0-alpha6"},{"introduced":"0"},{"last_affected":"7.0-alpha7"},{"introduced":"0"},{"last_affected":"7.0-beta1"},{"introduced":"0"},{"last_affected":"7.0-beta2"},{"introduced":"0"},{"last_affected":"7.0-beta3"},{"introduced":"0"},{"last_affected":"7.0-dev"},{"introduced":"0"},{"last_affected":"7.1"},{"introduced":"0"},{"last_affected":"7.2"},{"introduced":"0"},{"last_affected":"7.3"},{"introduced":"0"},{"last_affected":"7.4"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"7.6"},{"introduced":"0"},{"last_affected":"7.7"},{"introduced":"0"},{"last_affected":"7.8"},{"introduced":"0"},{"last_affected":"7.9"},{"introduced":"0"},{"last_affected":"7.10"},{"introduced":"0"},{"last_affected":"7.11"},{"introduced":"0"},{"last_affected":"7.12"},{"introduced":"0"},{"last_affected":"7.13"},{"introduced":"0"},{"last_affected":"7.14"},{"introduced":"0"},{"last_affected":"7.15"},{"introduced":"0"},{"last_affected":"7.16"},{"introduced":"0"},{"last_affected":"7.17"},{"introduced":"0"},{"last_affected":"7.18"},{"introduced":"0"},{"last_affected":"7.19"},{"introduced":"0"},{"last_affected":"7.20"},{"introduced":"0"},{"last_affected":"7.21"},{"introduced":"0"},{"last_affected":"7.22"},{"introduced":"0"},{"last_affected":"7.23"},{"introduced":"0"},{"last_affected":"7.24"},{"introduced":"0"},{"last_affected":"7.25"},{"introduced":"0"},{"last_affected":"7.26"},{"introduced":"0"},{"last_affected":"7.27"},{"introduced":"0"},{"last_affected":"7.28"},{"introduced":"0"},{"last_affected":"7.29"},{"introduced":"0"},{"last_affected":"7.30"},{"introduced":"0"},{"last_affected":"7.31"},{"introduced":"0"},{"last_affected":"7.32"},{"introduced":"0"},{"last_affected":"7.33"},{"introduced":"0"},{"last_affected":"7.34"},{"introduced":"0"},{"last_affected":"7.35"},{"introduced":"0"},{"last_affected":"7.36"},{"introduced":"0"},{"last_affected":"7.37"},{"introduced":"0"},{"last_affected":"7.38"},{"introduced":"0"},{"last_affected":"7.40"},{"introduced":"0"},{"last_affected":"7.41"},{"introduced":"0"},{"last_affected":"7.42"},{"introduced":"0"},{"last_affected":"7.x-dev"},{"introduced":"0"},{"last_affected":"8.0.0"},{"introduced":"0"},{"last_affected":"8.0.0-alpha14"},{"introduced":"0"},{"last_affected":"8.0.0-alpha15"},{"introduced":"0"},{"last_affected":"8.0.0-beta1"},{"introduced":"0"},{"last_affected":"8.0.0-beta10"},{"introduced":"0"},{"last_affected":"8.0.0-beta11"},{"introduced":"0"},{"last_affected":"8.0.0-beta12"},{"introduced":"0"},{"last_affected":"8.0.0-beta13"},{"introduced":"0"},{"last_affected":"8.0.0-beta14"},{"introduced":"0"},{"last_affected":"8.0.0-beta15"},{"introduced":"0"},{"last_affected":"8.0.0-beta16"},{"introduced":"0"},{"last_affected":"8.0.0-beta2"},{"introduced":"0"},{"last_affected":"8.0.0-beta3"},{"introduced":"0"},{"last_affected":"8.0.0-beta4"},{"introduced":"0"},{"last_affected":"8.0.0-beta6"},{"introduced":"0"},{"last_affected":"8.0.0-beta7"},{"introduced":"0"},{"last_affected":"8.0.0-beta9"},{"introduced":"0"},{"last_affected":"8.0.0-rc1"},{"introduced":"0"},{"last_affected":"8.0.0-rc2"},{"introduced":"0"},{"last_affected":"8.0.0-rc3"},{"introduced":"0"},{"last_affected":"8.0.0-rc4"},{"introduced":"0"},{"last_affected":"8.0.1"},{"introduced":"0"},{"last_affected":"8.0.2"},{"introduced":"0"},{"last_affected":"8.0.3"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["1.0","2.0","3.0.1","5.0-beta-1","5.0-beta-2","5.0-rc-1","5.0-rc-2","6.0","6.0-beta-1","6.0-beta-2","6.0-beta-3","6.0-beta-4","6.0-rc-1","6.0-rc-2","6.0-rc-3","6.0-rc-4","7.0","7.0-alpha1","7.0-alpha2","7.0-alpha3","7.0-alpha4","7.0-alpha5","7.0-alpha6","7.0-alpha7","7.0-beta1","7.0-beta2","7.0-beta3","7.0-rc-1","7.0-rc-2","7.0-rc-3","7.0-rc-4","7.0-unstable-1","7.0-unstable-10","7.0-unstable-2","7.0-unstable-3","7.0-unstable-4","7.0-unstable-5","7.0-unstable-6","7.0-unstable-7","start"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha10"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha11"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha12"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha13"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha5"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha8"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0-alpha9"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3164.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}]}