CVE-2016-9450

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

We have discovered 134,617 live websites that are affected by CVE-2016-9450.

Test my site



Affected Software

Product  Drupal
Category Content Management System
Vulnerable Domains134,617 live websites (53.59% of Drupal install base)
Vulnerable Versions
  • from 0 before 8.2.3
Vulnerable Versions Count34 versions ( 11.15% of all versions)



Details

  • Published - Nov 26, 2016
  • Updated - Aug 6, 2024

CVE-2016-9450 usage by Country

United States42,214 websites


Germany13,945 websites
Russia11,934 websites
France10,390 websites
GB4,250 websites
Belgium3,941 websites
Netherlands3,691 websites
Italy3,387 websites
Spain2,840 websites
Hungary2,503 websites

CVE-2016-9450 usage by TLD

.com37,037 websites
.org11,561 websites
.ru9,893 websites
.de7,228 websites
.fr4,924 websites
.be4,361 websites
.edu4,035 websites
.net3,307 websites
.it2,936 websites
.nl2,763 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2016-9450

Top websites that are affected by CVE-2016-9450. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
******.org United States***
***.org United States*,***
********.gov United States*,***
******.gov United States*,***
***.**.gov United States*,***
******.edu United States*,***
***.gov United States*,***
****.org United States*,***
***.com United States*,***
*******.com Netherlands*,***
See full domain list

FAQ

A total of 134,617 websites have been identified as vulnerable to CVE-2016-9450, discovered through global website indexing conducted by WebTechSurvey.
Drupal is susceptible to CVE-2016-9450 vulnerability.
Drupal versions before 8.2.3 are vulnerable to CVE-2016-9450.
Version 8.2.3 of Drupal addresses the CVE-2016-9450 security vulnerability.