Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-6171
Last Modified 14 May 2009 01:33:19
Published 19 Feb 2009 10:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6171

Summary

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.10

  • Drupal 5.11

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3

  • Drupal 6.4

  • Drupal 6.5


References

CONFIRM - http://drupal.org/node/324824

FEDORA - FEDORA-2008-9213

FEDORA - FEDORA-2008-9170

XF - drupal-unspecified-file-include(46049)

VUPEN - ADV-2008-2913

BID - 31900

SECUNIA - 32441

SECUNIA - 32389

MISC - http://drupal.org/files/sa-2008-067/SA-2008-067-5.11.patch


Last Updated: 27 May 2016 10:49:06