Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-6171

Опубликовано: 19 фев. 2009
Источник: nvd
CVSS2: 9.3
EPSS Низкий

Описание

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.02646
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-16

Связанные уязвимости

ubuntu логотип

CVE-2008-6171

ubuntu
больше 16 лет назад

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

debian логотип

CVE-2008-6171

debian
больше 16 лет назад

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, w ...

github логотип

GHSA-xhmx-mwfm-vrhx

github
около 3 лет назад

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

EPSS

Процентиль: 85%
0.02646
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-16