Описание
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | ignored | end of life, was needs-triage |
| hardy | released | 5.7-1ubuntu1.2 |
| intrepid | released | 5.10-1ubuntu1.1 |
| jaunty | not-affected | |
| karmic | not-affected | |
| upstream | released | 5.15-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | not-affected | |
| karmic | not-affected | |
| upstream | released | 6.6-3 |
Показывать по
Ссылки на источники
EPSS
9.3 Critical
CVSS2
Связанные уязвимости
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, w ...
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
EPSS
9.3 Critical
CVSS2