CVE-2008-6171
Published: 19 February 2009
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Notes
Author | Note |
---|---|
mdeslaur | SA-2008-067 |
Priority
Status
Package | Release | Status |
---|---|---|
drupal5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Released
(5.7-1ubuntu1.2)
|
|
intrepid |
Released
(5.10-1ubuntu1.1)
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Released
(5.15-1)
|
|
drupal6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Released
(6.6-3)
|