Vulnerability Description
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 4.6 |
References
- http://drupal.org/files/sa-2006-007/advisory.txtPatchVendor Advisory
- http://drupal.org/node/66763Patch
- http://secunia.com/advisories/21244
- http://securityreason.com/securityalert/1042
- http://www.debian.org/security/2006/dsa-1125
- http://www.securityfocus.com/archive/1/435792/100/0/threaded
- http://www.securityfocus.com/bid/18245
- http://drupal.org/files/sa-2006-007/advisory.txtPatchVendor Advisory
- http://drupal.org/node/66763Patch
- http://secunia.com/advisories/21244
- http://securityreason.com/securityalert/1042
- http://www.debian.org/security/2006/dsa-1125
- http://www.securityfocus.com/archive/1/435792/100/0/threaded
- http://www.securityfocus.com/bid/18245
FAQ
What is CVE-2006-2831?
CVE-2006-2831 is a vulnerability with a CVSS score of 7.5 (HIGH). Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arb...
How severe is CVE-2006-2831?
CVE-2006-2831 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2831?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.