CVE-2016-3163

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

Published: Apr 12, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-3163
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
drupal / drupal	7.0-alpha5	7.0-alpha5.x
drupal / drupal	7.0-dev	7.0-dev.x
drupal / drupal	7.0-alpha7	7.0-alpha7.x
drupal / drupal	6.0-beta2	6.0-beta2.x
drupal / drupal	6.33	6.33.x
drupal / drupal	7.40	7.40.x
drupal / drupal	7.16	7.16.x
drupal / drupal	6.0-rc2	6.0-rc2.x
drupal / drupal	7.21	7.21.x
drupal / drupal	6.2	6.2.x
drupal / drupal	7.0-rc2	7.0-rc2.x
drupal / drupal	7.18	7.18.x
drupal / drupal	7.15	7.15.x
drupal / drupal	7.0-rc4	7.0-rc4.x
drupal / drupal	6.14	6.14.x
drupal / drupal	7.38	7.38.x
drupal / drupal	6.24	6.24.x
drupal / drupal	6.13	6.13.x
drupal / drupal	6.0-dev	6.0-dev.x
drupal / drupal	6.25	6.25.x
drupal / drupal	6.18	6.18.x
drupal / drupal	7.41	7.41.x
drupal / drupal	7.0-beta2	7.0-beta2.x
drupal / drupal	7.0-rc3	7.0-rc3.x
drupal / drupal	7.0-alpha1	7.0-alpha1.x
drupal / drupal	6.0-beta4	6.0-beta4.x
drupal / drupal	7.3	7.3.x
drupal / drupal	6.12	6.12.x
drupal / drupal	6.32	6.32.x
drupal / drupal	7.17	7.17.x
drupal / drupal	7.8	7.8.x
drupal / drupal	7.0-alpha4	7.0-alpha4.x
drupal / drupal	7.13	7.13.x
drupal / drupal	7.35	7.35.x
drupal / drupal	6.0-rc3	6.0-rc3.x
drupal / drupal	7.20	7.20.x
drupal / drupal	6.0-rc4	6.0-rc4.x
drupal / drupal	6.4	6.4.x
drupal / drupal	7.5	7.5.x
drupal / drupal	6.11	6.11.x
drupal / drupal	7.10	7.10.x
drupal / drupal	7.30	7.30.x
drupal / drupal	7.27	7.27.x
drupal / drupal	7.6	7.6.x
drupal / drupal	7.12	7.12.x
drupal / drupal	6.0-beta1	6.0-beta1.x
drupal / drupal	7.34	7.34.x
drupal / drupal	6.36	6.36.x
drupal / drupal	7.9	7.9.x
drupal / drupal	7.0-rc1	7.0-rc1.x
drupal / drupal	6.35	6.35.x
drupal / drupal	6.26	6.26.x
drupal / drupal	7.0-beta3	7.0-beta3.x
drupal / drupal	6.30	6.30.x
drupal / drupal	7.4	7.4.x
drupal / drupal	7.x-dev	7.x-dev.x
drupal / drupal	6.7	6.7.x
drupal / drupal	7.28	7.28.x
drupal / drupal	7.22	7.22.x
drupal / drupal	6.22	6.22.x
drupal / drupal	7.0-alpha2	7.0-alpha2.x
drupal / drupal	6.8	6.8.x
drupal / drupal	6.27	6.27.x
drupal / drupal	6.19	6.19.x
drupal / drupal	7.11	7.11.x
drupal / drupal	7.33	7.33.x
drupal / drupal	6.1	6.1.x
drupal / drupal	6.28	6.28.x
drupal / drupal	6.21	6.21.x
drupal / drupal	7.0-alpha6	7.0-alpha6.x
drupal / drupal	7.19	7.19.x
drupal / drupal	6.17	6.17.x
drupal / drupal	6.5	6.5.x
drupal / drupal	7.25	7.25.x
drupal / drupal	7.0	7.0.x
drupal / drupal	7.32	7.32.x
drupal / drupal	7.24	7.24.x
drupal / drupal	6.31	6.31.x
drupal / drupal	6.10	6.10.x
drupal / drupal	7.14	7.14.x
drupal / drupal	7.23	7.23.x
drupal / drupal	7.26	7.26.x
drupal / drupal	7.0-beta1	7.0-beta1.x
drupal / drupal	6.23	6.23.x
drupal / drupal	6.6	6.6.x
drupal / drupal	7.29	7.29.x
drupal / drupal	6.0	6.0.x
drupal / drupal	7.1	7.1.x
drupal / drupal	7.31	7.31.x
drupal / drupal	6.15	6.15.x
drupal / drupal	6.0-beta3	6.0-beta3.x
drupal / drupal	6.16	6.16.x
drupal / drupal	7.7	7.7.x
drupal / drupal	6.34	6.34.x
drupal / drupal	7.0-alpha3	7.0-alpha3.x
drupal / drupal	6.3	6.3.x
drupal / drupal	7.2	7.2.x
drupal / drupal	6.0-rc1	6.0-rc1.x
drupal / drupal	6.29	6.29.x
drupal / drupal	7.37	7.37.x
drupal / drupal	7.42	7.42.x
drupal / drupal	6.37	6.37.x
drupal / drupal	6.20	6.20.x
drupal / drupal	7.36	7.36.x

Vulnerability Database

314,343

CVE-2016-3163

Deep Security Visibility Without the Complexity