Launchpad.net

CVE 2008-6171

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Related bugs and status

CVE-2008-6171 (Candidate) is related to these bugs:

Bug #352644: generally unsecure drupal5 packages

Summary				In	Importance	Status
	352644	generally unsecure drupal5 packages		drupal5 (Ubuntu)	Undecided	Invalid

Bug #431080: Fix critical security issues in drupal packages

		In	Importance	Status
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Hardy)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Intrepid)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Jaunty)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Karmic)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Debian)	Unknown	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Hardy)	Undecided	Invalid
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Intrepid)	Undecided	Invalid
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Jaunty)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Karmic)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-6171

Related bugs and status

Related bugs

References