Lucene search

[email protected]NVD:CVE-2008-6171

HistoryFeb 19, 2009 - 3:30 p.m.

CVE-2008-6171

2009-02-1915:30:00

CWE-16

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for “IP-based virtual hosts,” allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Affected configurations

Nvd

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch5.10

drupaldrupalMatch5.11

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

References

drupal.org/files/sa-2008-067/SA-2008-067-5.11.patch

drupal.org/node/324824

secunia.com/advisories/32389

secunia.com/advisories/32441

www.securityfocus.com/bid/31900

www.vupen.com/english/advisories/2008/2913

exchange.xforce.ibmcloud.com/vulnerabilities/46049

www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Related for NVD:CVE-2008-6171

ubuntucve1 prion2 cve2 cvelist1 redhatcve2 nvd1 nessus2