CVE Vulnerabilities

CVE-2008-6171

Published: Feb 19, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for IP-based virtual hosts, allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Affected Software

Name Vendor Start Version End Version
Drupal Drupal 5.10 5.10
Drupal Drupal 5.4 5.4
Drupal Drupal 6.2 6.2
Drupal Drupal 5.2 5.2
Drupal Drupal 5.7 5.7
Drupal Drupal 6.4 6.4
Drupal Drupal 5.0 5.0
Drupal Drupal 6.1 6.1
Drupal Drupal 5.6 5.6
Drupal Drupal 5.1 5.1
Drupal Drupal 6.5 6.5
Drupal Drupal 5.5 5.5
Drupal Drupal 6.0 6.0
Drupal Drupal 5.9 5.9
Drupal Drupal 5.8 5.8
Drupal Drupal 5.3 5.3
Drupal Drupal 6.3 6.3
Drupal Drupal 5.11 5.11

References