CVE-2008-6171
Published: 19 February 2009
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Notes
| Author | Note |
|---|---|
| mdeslaur | SA-2008-067 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
drupal5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Released
(5.7-1ubuntu1.2)
|
|
| intrepid |
Released
(5.10-1ubuntu1.1)
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Released
(5.15-1)
|
|
|
drupal6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Released
(6.6-3)
|