CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
| Software | From | Fixed in |
|---|---|---|
drupal / drupal
|
5.10 | 5.10.x |
|
drupal / drupal
|
5.4 | 5.4.x |
|
drupal / drupal
|
6.2 | 6.2.x |
|
drupal / drupal
|
5.2 | 5.2.x |
|
drupal / drupal
|
5.7 | 5.7.x |
|
drupal / drupal
|
6.4 | 6.4.x |
|
drupal / drupal
|
5.0 | 5.0.x |
|
drupal / drupal
|
6.1 | 6.1.x |
|
drupal / drupal
|
5.6 | 5.6.x |
|
drupal / drupal
|
5.1 | 5.1.x |
|
drupal / drupal
|
6.5 | 6.5.x |
|
drupal / drupal
|
5.5 | 5.5.x |
|
drupal / drupal
|
6.0 | 6.0.x |
|
drupal / drupal
|
5.9 | 5.9.x |
|
drupal / drupal
|
5.8 | 5.8.x |
|
drupal / drupal
|
5.3 | 5.3.x |
|
drupal / drupal
|
6.3 | 6.3.x |
|
drupal / drupal
|
5.11 | 5.11.x |
- http://drupal.org/files/sa-2008-067/SA-2008-067-5.11.patch
- http://drupal.org/node/324824
- http://secunia.com/advisories/32389
- http://secunia.com/advisories/32441
- http://www.securityfocus.com/bid/31900
- http://www.vupen.com/english/advisories/2008/2913
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46049
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime