CVE-2016-3166

medium

Published 2016-04-12 · Modified 2024-04-23

CVSS v3

5.9

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2

4.3

VIR risk

5.9

Description

Drupal CRLF injection vulnerability in the drupal_set_header function

Exploit likelihood

69%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/SA-CORE-2016-001

OS	Version	Status	Fixed in
debian	7.0	affected
debian	8.0	affected

Ecosystem	Package	Vulnerable	Fixed
Packagist	drupal/core	`>=6.0,<6.38`	`6.38`
Packagist	drupal/drupal	`>=6.0,<6.38`	`6.38`

Vendor	Product	Versions
drupal	drupal	`6.0`
drupal	drupal	`6.1`
drupal	drupal	`6.2`
drupal	drupal	`6.3`
drupal	drupal	`6.4`
drupal	drupal	`6.5`
drupal	drupal	`6.6`
drupal	drupal	`6.7`
drupal	drupal	`6.8`
drupal	drupal	`6.9`
drupal	drupal	`6.10`
drupal	drupal	`6.11`
drupal	drupal	`6.12`
drupal	drupal	`6.13`
drupal	drupal	`6.14`
drupal	drupal	`6.15`
drupal	drupal	`6.16`
drupal	drupal	`6.17`
drupal	drupal	`6.18`
drupal	drupal	`6.19`
drupal	drupal	`6.20`
drupal	drupal	`6.21`
drupal	drupal	`6.22`
drupal	drupal	`6.23`
drupal	drupal	`6.24`
drupal	drupal	`6.25`
drupal	drupal	`6.26`
drupal	drupal	`6.27`
drupal	drupal	`6.28`
drupal	drupal	`6.29`
drupal	drupal	`6.30`
drupal	drupal	`6.31`
drupal	drupal	`6.32`
drupal	drupal	`6.33`
drupal	drupal	`6.34`
drupal	drupal	`6.35`
drupal	drupal	`6.36`
drupal	drupal	`6.37`

Verify integrity in audit chain (admin only). AS-IS.