Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2006-2743
Last Modified: 07 Mar 2011 09:36:56
Published: 01 Jun 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-2743

Summary

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Vulnerable Systems

Application

  • Drupal 4.6

  • Drupal 4.6.0

  • Drupal 4.6.1

  • Drupal 4.6.2

  • Drupal 4.6.3

  • Drupal 4.6.4

  • Drupal 4.6.5

  • Drupal 4.6.6

  • Drupal 4.7.0


References

XF - drupal-files-script-execution(26655)

SECUNIA - 20140

CONFIRM - http://drupal.org/node/65409

VUPEN - ADV-2006-1975

BID - 18245

BUGTRAQ - 20060602 [DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue

DEBIAN - DSA-1125

SECUNIA - 21244

MILW0RM - 1821


Last Updated: 27 May 2016 10:42:44